A new email scam from cyber hackers fraudulently impersonates the Spanish Social Security System electronic office
The Internet User Security Office (OSI) in Spain warns of a campaign of fraudulent emails impersonating the Social Security Electronic Office that is identified as a ‘Last notice tax settlement’.
The body of the email informs the Internet user that there is a non-payment on their part of tax assessments, in addition, they provide a link to download a report generated by the Immediate Supply of Information (SII, for its acronym), and when clicked, directs the victim to a website where a file is downloaded.
These emails can be identified by the following characteristics:
Misspellings, formatting errors, and bad wording of the message and subject.
The sender’s email is not official and may have endings like ‘br’ (belonging to Brazil) instead of the official ‘es’.
Clicking on ‘Download report’ downloads a compressed .zip file, called ‘TaxpayerXXXXXXXX.zip’ (XXXXXX are a sequence of numbers that can vary).
By executing the file, the device will have been infected with a Trojan that could carry out various fraudulent processes. if you have executed the file, the following processes are recommended:
Disconnect the internet from the affected device
Run the antivirus available on the device to perform a full scan and disinfection
If the infection hasn’t cleared up, consider resetting the device to factory settings
In case of doubt, consult directly with the company or service involved or with trusted third parties, such as the State Security Forces and Corps (FCSE) and the Internet User Security Office (OSI) of INCIBE.
Cyber attacks have been rated the fifth top-rated risk in 2020 and become the new norm across public and private sectors. This risky industry continues to grow in 2023 as IoT cyber attacks alone are expected to double by 2025.
read more: Andalucía invests 18 million to shield against cyberattacks