Menu
Menu
NSW hit by Roads & Maritime Services email scam

NSW hit by Roads & Maritime Services email scam

Campaign looks to download malicious file of unknown nature

Residents of New South Wales (NSW) have been hit by a new email scam masked as a direct email from the State’s Roads & Maritime Services department.

The attack is the second in a week impersonating a government agency, following the Australian Securities & Investments Commission (ASIC) scam which targeted tens of thousands of addresses.

The cyber criminal campaign has been described by email filtering company MailGuard as “well formatted and not easy to spot as a fake."

The company said it mimics an ‘E-Toll account statement’ and carries the actual branding for Roads & Maritime, the logo for NSW Transport, Roads & Maritime Services, and a realistic privacy statement, recycling message and other appropriate language.

According to MailGuard, the first emails were intercepted around midday AEST on 6 June and attempt to deliver a .ZIP file which contains a malicious JavaScript file.

A sample email from the scam campaign (Source: MailGuard)
A sample email from the scam campaign (Source: MailGuard)

The emails are designed so that the sender display name changes in each email, followed by the word E-Toll, for example ‘From: Rosalee E-Toll.’

But one of the key giveaways for those on the lookout for malicious emails is the addresses - or lack thereof.

“While this scam is well executed with accurate branding and language, it doesn’t address recipients by name, rather it is simply addressed to ‘Dear Valued Customer,’ nor does it carry any other personalised information,” MailGuard said in a statement on the company website.

“It’s simply signed off by the E-Toll team. Those who click the link inadvertently download a malicious JavaScript file housed within a zip file.”

MailGuard added that while the exact type of malware isn’t clear, it could be anything from a virus to ransomware.

Cyber criminals are expanding spam campaigns to the point that a number of these “well-crafted attacks” have occurred in the last few months.

On 10 May, emails carrying Origin Energy Branding and featuring the subject heading, “You Origin Electricity bill”, hit Australian inboxes in a similar scam designed to get the recipient to download malicious files.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Join the newsletter!

Error: Please check your email address.

Tags spamemail scammailguardNSW Roads & Maritime Services

More about Maritime ServicesOriginOrigin EnergyTransport

Show Comments
Computerworld
ARN
Techworld
CMO