It's the second major malware campaign targeting toll users – emails masquerading as Queensland Go Via invoices.
A large-scale malware campaign is posing as an invoice notification from Transurban’s Queensland Go Via tollway operation. According to email security provider MailGuard, the campaign started this morning (on 7 August).
Clicking the 'Download statement' button runs a malicious JavaScript.
Clues that the email isn't what it seems include a generic “Dear Customer” salutation, and the use of a newly-registered domain (govia.co rather than govianetwork.com.au).
MailGuard noted that the email was free from the grammatical errors that so often provide an indication that a message is bogus.
It’s not the first time Go Via has been used in an email scam, the company observed, adding that a “well formatted” and well-written email posing as a toll statement from NSW Transport, Roads & Maritime Services was used in a malware campaign two months ago.
