The spam emails sent this morning to "tens of thousands of addresses" purport to be company name renewal reminders from the Australian Securities and Investments Commission (ASIC), according to MailGuard.
"The link was not being detected as suspicious by any of 64 well-known antivirus engines on Google-owned aggregator VirusTotal when MailGuard intercepted the email this morning."
Two characteristics of the email provided strong clues that it was fake: the text was generic rather than addressing recipients by name, and it was sent from the asic-gov-au.co domain rather than asic.gov.au.
In addition, it was supposedly sent by "Max Morgan, Senior Executive Leader" at ASIC. "No such employee appears to exist at the commission," observed McDonald.
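The sender-domain clue above (asic-gov-au.co posing as asic.gov.au) can be checked mechanically. The following is an added example, not code from MailGuard or ASIC: it flags sender domains that embed a trusted domain's labels with different separators or under another parent domain. The function names, the one-entry allowlist and the sample addresses are assumptions made for illustration.

```python
import re
from email.utils import parseaddr

# Genuine domain named in the article; extend with your own allowlist (assumption).
TRUSTED_DOMAINS = {"asic.gov.au"}


def _squash(domain: str) -> str:
    """Drop every separator so 'asic-gov-au' and 'asic.gov.au' compare equal."""
    return re.sub(r"[^a-z0-9]", "", domain)


def sender_domain(from_header: str) -> str:
    """Return the lower-cased domain of the address in a From: header."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower().rstrip(".")


def classify(from_header: str, trusted=TRUSTED_DOMAINS) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a From: header."""
    domain = sender_domain(from_header)
    if not domain:
        return "unknown"
    # Exact match or a genuine subdomain of a trusted domain.
    for good in trusted:
        if domain == good or domain.endswith("." + good):
            return "trusted"
    # Trusted name embedded with other separators, a prefix, or a foreign parent.
    for good in trusted:
        if _squash(good) in _squash(domain):
            return "lookalike"
    return "unknown"


# Constructed sample headers; only the two ASIC-related domains come from the article.
SAMPLES = [
    '"Max Morgan" <max.morgan@asic-gov-au.co>',
    "ASIC <noreply@asic.gov.au>",
    "billing@asic.gov.au.example.com",
    "newsletter@example.org",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify(header):9}  {header}")
```

A header check like this complements SPF, DKIM and DMARC results rather than replacing them, since the From: header itself can be forged.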
ASIC and other well-known organisations are often used as cover for fraudulent emails. Others include the ATO, Australia Post, the major banks, and courier companies.
An example of one of the fake emails, courtesy of MailGuard.
So be especially wary of emails apparently from such sources. Would you expect to receive an email from that organisation? Does it address you by name?
If you have the slightest suspicion that an email is not what it seems, avoid clicking any links or opening attachments - instead go directly to what you know to be the genuine organisation's web site, ignoring any domain names shown in the email.
Keeping your anti-virus software up to date is also a good idea but, as this example shows, it does not provide foolproof protection. Mail filtering services such as that offered by MailGuard may provide an additional and sometimes more timely line of defence.