Fake ASIC Business Name Renewal Phishing Emails

06th March 2017
Article Publisher

Beware of a FAKE email requesting Renewal of your Business Name with ASIC, complete with Australian Securities & Investment Commission logo. It is a SCAM containing a link to a dangerous website that contains Ransomware !

The first of these bogus emails that I received in March 2017 was sent from “asic-gov-au.co”, a domain name that obviously resembles "asic.gov.au" and had been deliberately selected to deceive recipients.

The underlined "Renewal letter" link connects to another domain URL that I will not share here. If you have received the message, then hovering your mouse over the link (without clicking) will reveal the actual URL destination. It is a highly suspicious "guestaccess.aspx" file which has no association whatsoever with ASIC. Ransomware awaits !

Who registered the domain name “asic-gov-au.co” ?

Ping Lun registered the domain name asic-gov-au.co on 5th March 2017

Ping Lun of Xiamen, China registered this domain name on the 5th March 2017. However, it is likely this name and address are also phony.

The asic-gov-au.co mail server is located in Quebec, Canada

The mail server is located in Quebec, Canada.

Other bogus domain names used

The domain name “asic-gov-au.co” was duly Blacklisted by Spamhaus.org and SURBL.org in April 2017. Each time this occurs, the cybercriminals simply register another domain name and continue their email scam. Here is a list of other known bogus domain names used in the ASIC Business Name Renewal email scam:

  • asic-mail-gov-au.com
  • australian-government.com
  • australiangovernments.com
  • asicdesk.com
  • prepareincometax.com
  • australiangovernement.com
  • asicsaustralia.biz
  • ato.gov.autsl.com
  • ato.gov.r-au.com

How to recognise the GENUINE Business Name Renewal Email Advice from ASIC

On Wednesday, 22nd March 2017 I received this authentic email message from ASIC.

GENUINE Business Name Renewal Email Message from ASIC

  1. Notice that the genuine ASIC email message was sent from their actual domain name “asic.gov.au
    You can examine the header code in the email message to establish where the message was actually sent from; the domain name and IP address.
  2. When you hover your mouse over the underlined "Renewal letter" link, notice that also connects to the genuine ASIC website sub-domain “post.asic.gov.au”. You can therefore confidently presume that link is safe to click. It does link to a PDF download file containing instructions explaining how to proceed and renew your Business Name.
  3. The message is signed off by Rosanne Bell, Senior Executive Leader at ASIC. Now I guess that name is easy to include in a fake message. However you can Google her name to establish that she is in fact an Executive employed by ASIC, unlike the bogus name used in the fake email message above.
 
4 Comments - Average Rating 5 / 5 (Show All)

Add your comment ⇒

Beware - these fake ASIC emails are still around!

- 13th June 2018

Today I received one of these fake ASIC business renewal emails at my workplace. I was suspicious because the sender was "info(at)freddycurry.com" which of course is not a government email. However the logo, links to the ASIC website and formal sign-off made me question whether it could be real. Thankfully I searched before clicking any links! Please be aware that these fake emails are still going around as of 13th June 2018. Do not click any of the links, just delete it.

Another Fake Message Received 13 June 2018

- 13th June 2018

I have received one from "Rosanne Bell, Senior Executive Leader, Australian Securities and Investments Commission". However, the link takes you to a website hosted in Russia. The email is sent from info(at)thenonprofitexperts.org. The "renewal letter" link takes you to http:// thenonprofitexperts.org/********.

Fake ASIC domains

- 11th April 2018

I have received emails from:
1) globalmessage.org
2) centroescolarfamore.com
The 1st domain was registered yesterday 10 April 2018.


Another domain

- 27th March 2017

I received an ASIC email today with a reply address of : asic.transaction.support @ asic-mail-gov-au.com

REPLY by Gary Flack: Thanks Boris. Looking up that domain name, it was registered just a couple of days ago on 25th March 2017 by XHON XING, Xiamen, China.
asic-gov-au.co has now been Blacklisted by Spamhaus.org and SURBL.org, thus the reason why they needed to register and use a new domain name to continue their Cybercriminal activities.


Add your comment ⇒

You may also be interested in …

ATO Ransomware Phishing Emails
0
Traffic Infringement Phishing Email Scam
0
1
Beware of suspicious email from reckonaustralia.org
0
India SEO Scammers Exposed pretending to be based in Australia
0
5