A fake malware-loaded email purporting to be from Queensland toll payment provider, go via, is hitting inboxes across the state.

The counterfeit toll statement notice email started hitting inboxes on a large scale on the morning of 7 August, according to email filtering company, MailGuard, which said the dodgy emails were “realistic-looking”.

According to MailGuard, the email advises that the recipient’s tax invoice is available for download. However, the ‘Download statement’ button hides a malicious JavaScript file.

The domain used in the malicious exploit, do_not_reply@ goviau. Co [altered], was registered in China early on 7 August, the email filtering company said – less than seven hours before the fake invoice began landing in inboxes.

A sample of the dodgy email (MailGuard)
A sample of the dodgy email (MailGuard)

According to MailGuard, tollway invoice fraud is on the rise this year, with go via’s brand being used previously by digital scammers. Meanwhile, a similar exploit attempted impersonating NSW Roads and Maritime Services in June.

In fact, the toll road company’s website offers a security warning about go via-branded email scams.

Go via’s warning comes as the Australian Securities and Investments Commission (ASIC) issues a fresh warning to Australians over scam emails hijacking its own branding.