Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Fake toll tickets drive malware to Queensland inboxes

Leon Spencer | Aug. 11, 2017
go via brand hijacked in fresh malware wave.

Scam alert
Credit: Shutterstock 

A fake malware-loaded email purporting to be from Queensland toll payment provider, go via, is hitting inboxes across the state.

The counterfeit toll statement notice email started hitting inboxes on a large scale on the morning of 7 August, according to email filtering company, MailGuard, which said the dodgy emails were "realistic-looking".

According to MailGuard, the email advises that the recipient's tax invoice is available for download. However, the 'Download statement' button hides a malicious JavaScript file.

The domain used in the malicious exploit, do_not_reply@ goviau. Co [altered], was registered in China early on 7 August, the email filtering company said - less than seven hours before the fake invoice began landing in inboxes.

A sample of the dodgy email (MailGuard)
A sample of the dodgy email. Credit: MailGuard

According to MailGuard, tollway invoice fraud is on the rise this year, with go via's brand being used previously by digital scammers. Meanwhile, a similar exploit attempted impersonating NSW Roads and Maritime Services in June.

In fact, the toll road company's website offers a security warning about go via-branded email scams.

Go via's warning comes as the Australian Securities and Investments Commission (ASIC) issues a fresh warning to Australians over scam emails hijacking its own branding.

"Some customers continue to receive emails claiming to be from ASIC, containing attachments or links to fake invoices," the corporate regulator said in a statement on 7 August.

"These fake emails appear similar to ASIC emails and generally instruct the recipient to click on a link or download an invoice."

MailGuard revealed in early July that it had seen a massive wave of emails purporting to be from ASIC and loaded with malware start filling inboxes around the country.

The attack began just after the start of the working day on 10 July and quickly escalated to become one of the largest-scale malware deliveries to be identified by MailGuard within the past year, the company said at the time.

 

Sign up for MIS Asia eNewsletters.