A fake malware-loaded email purporting to be from Queensland toll payment provider, go via, is hitting inboxes across the state.
The counterfeit toll statement notice email started hitting inboxes on a large scale on the morning of 7 August, according to email filtering company, MailGuard, which said the dodgy emails were “realistic-looking”.
According to MailGuard, the email advises that the recipient’s tax invoice is available for download. However, the ‘Download statement’ button hides a malicious JavaScript file.
The domain used in the malicious exploit, do_not_reply@ goviau. Co [altered], was registered in China early on 7 August, the email filtering company said – less than seven hours before the fake invoice began landing in inboxes.

According to MailGuard, tollway invoice fraud is on the rise this year, with go via’s brand being used previously by digital scammers. Meanwhile, a similar exploit attempted impersonating NSW Roads and Maritime Services in June.
In fact, the toll road company’s website offers a security warning about go via-branded email scams.
Go via’s warning comes as the Australian Securities and Investments Commission (ASIC) issues a fresh warning to Australians over scam emails hijacking its own branding.