Fake ACCC ‘Complaint’ Emails Point To Ransomware

Emails purporting to be from the Australian Competition & Consumer Commission (ACCC) claim that a complaint has been filed against your business.

Brief Analysis:
The emails are not from the ACCC and the claim that a complaint has been filed against you is untrue.  Links in the emails open a website that contains ransomware. If you receive one of the emails, do not click any links or open any attachments that it contains. The ACCC has published a warning about the malware emails on its website.

Fake ACCC Complaint Email

Detailed Analysis:
Malware emails that claim to be from the Australian Competition & Consumer Commission (ACCC) are currently targeting Australian businesses. The emails claim that a complaint has been filed against your business and you have ten days to file a rebuttal should you choose to do so. They contain a link that you can supposedly click to view a copy of the complaint.

The link is disguised to make it appear to be a harmless PDF. However, clicking the link downloads a .zip file that contains a malicious file inside. If opened, this file will install ransomware on your computer. Once installed, the ransomware will encrypt the files on your computer and then demand that you pay a fee to online criminals to obtain a decryption key. However, even if you decide to pay, there is no guarantee that you will receive the key. And, even a skilled computer technician may not be able to retrieve the locked files without the decryption key.

The ACCC has published a notice warning about the emails on its website.

Bogus ‘complaint’ emails have been used to distribute malware for several years. Other versions have falsely claimed to be from America’s Federal Trade Commission (FTC) or from the Better Business Bureau. Again, the emails ask you to click a link, ostensibly to view details of the complaint. As with the ACCC version, clicking the link downloads malware.

If you receive one of these bogus complaint emails, do not click any links or open any attachments that it contains.

An alternative version of the fake ACCC emails asks the targeted business to pay a fee to cover an infringement notice for an alleged breach of copyright.

Note: Image of malware email above courtesy of the ACCC

Last updated: July 15, 2016
First published: July 15, 2016
By Brett M. Christensen
About Hoax-Slayer

Beware of business scams impersonating the ACCC
Malware Threat Articles
FTC ‘Consumer Complaint Notification’ Malware Email
Better Business Bureau ‘Complaint Received’ Malware Emails