ASIC scam email sent to tens of thousands of recipients: How to protect your business from ransomware

SmartCompany,, March 7 2017

A new scam email that claims to be a message from the Australian Securities and Investments Commission (ASIC) is targeting businesses across Australia.

The scam email, uncovered by anti-spam software company MailGuard, was sent out to tens of thousands of recipients yesterday morning, in the guise of an official email from ASIC.

Recipients of the email are told their company name is in need of renewal, and the message displays a link to a “renewal letter”.

Read more: Fake Australia Post email puts thousands of inboxes at risk of malware

Upon clicking on the link, users are served with a malicious file, which installs malware on their computer.

This then allows ransomware to be installed and executed remotely, locking users out of important files and demanding a significant fee to get them back.

Despite the email bearing the ASIC logo and the Australian Government coat of arms, there are a few giveaways that reveal the email to be a scam.

Firstly, the email address the scam comes from is not the legitimate ASIC email address (asic.gov.au). Instead it comes from asix-gov-au.co.

The email is also not addressed to recipients specifically, and includes an email signature from “Max Morgan, Senior Executive Leader” at ASIC. No senior executive called Max Morgan appears to work at ASIC.

This is not the first scam that requests businesses renew important details, with a similar scam last year prompting domain name renewals being mailed to hundreds of businesses.

A recent report from anti-virus software company Norton has revealed the impact of cyber attacks on Australian SMEs, with one in five small businesses being affected by cyber crime. More than 1000 Australian SMEs were surveyed in the report.

DiscoverAnti-spam techniquesMalware

Though it can be easy to discredit the impact of a ransomware or phishing attack, the report reveals SMEs suffer losses on average of $6600 per cyber attack.

Fifty-two percent of cyber attacks came from email phishing scams, and 28% of them came from ransomware attacks. In these ransomware attacks, critical business information is commonly put under lockdown, and 31% of those surveyed stated they would not last a week without critical business information.

“A lot of businesses don’t know what to do, don’t understand their options, and don’t have the right security in place to combat a ransomware attack – so they pay the ransom,” director of Norton Business Unit in the Pacific Region Mark Gorrie said in a statement.

“Unfortunately, when local businesses pay up it fuels the proliferation of this style of attack, and our research showed some SMBs paying ransoms of more than $50,000.”

Automatic backups a must

To minimise the impact of these sorts of attacks, cyber security expert at Sense of Security Michael McKinnon advises businesses back up regularly and automatically.

“You can’t rely on manual backups. Bringing in an external hard drive once a month won’t work, you won’t remember to do it,” McKinnon told SmartCompany.

“Backups for businesses need to be cloud-driven, secure, and automatic.”

Only one in four SMEs back up their data no more than once a month, and only 24% use a cloud provider to complete their backups, according to Norton’s survey.

Many scams claim to come from government agencies such as the ATO or ASIC, or commonly used business services such as Australia Post, and McKinnon says this is to increase the number of users who click through.

“If you have a list of 10,000 emails as a scammer, you have to have a scam that has some relevance to most of them. Every business will have some level of dealing with the ATO or Auspost,” he says.

ASIC is aware of scams like the one sent out this week, and advises businesses keep anti-virus software up to date, and scan all suspicious-looking emails.

“Scam emails often appear at busy times of the year such as holiday and tax time, when it’s easy to overlook something suspicious,” ASIC commissioner John Price said in a statement on the issue.

McKinnon says businesses should prepare for the “inevitability” they will be hit with ransomware at some point.

“It’s a terrifying thing to happen to a business, but it will happen to even the most well prepared,” he says.