A spam campaign has been found targeting users of the Australian Securities and Investments Commission (ASIC). People are being sent phishing emails, claiming to be authentic communications from ASIC. The emails claim that the users need to renew their business name registration, which is due to expire in the next two months. It then instructs users to click on a link to access a renewal notice that contains their business name, registration number and Australian Business Number. The link leads to a malicious .zip file, containing a malicious JavaScript file that first attempts to download an encrypted payload from a remote server. Once executed, the payload will provide the hackers with remote access to the victim’s computer. The hackers will then be able to install key loggers, steal sensitive information or even hijack control of the machine.
The email is especially dangerous because it is targeted. It specifically mentions the recipient’s business name, making it look more authentic. Companies receiving these emails should delete them immediately, as ASIC will not send unsolicited emails requesting renewal fees, nor will ASIC request credit card or personal details. This incident clearly highlights the importance of remaining vigilant and raising awareness within organisations to detect and react to phishing attempts. Otherwise, organisations will continue to fall prey to such attacks.