From the National Institute of Cybersecurity (INCIBE) they are once again warning of a campaign to send fraudulent emails that use social engineering techniques, some of them impersonating known entities, which try to trick the user into downloading a compressed file in .zip format containing malware. Today a notice of a new phishing campaign has been launched through emails impersonating the Tax Agency. The message informs the user of an alleged tax action registered in its database and to consult it provides two access links to the Electronic Office that download a malware file. Mail impersonating the Tax Agency seeking to download your data An e-mail campaign impersonating the Tax Agency has been detected, the aim of which is to trick the user into clicking on any of the links. Supposedly the links lead to an electronic headquarters of the Tax Agency where the user can consult the details of a tax action registered in a database. The identified email campaign circulates under the subject ‘Fiscal action’, although it is not ruled out that there are other emails with similar subjects. In this campaign, the emails can have subjects such as: Fwd: Fiscal Action Fwd: Tax Service – Nº (******) In all of them, the body of the email urges to download some type of document or file with different pretexts , which actually redirects to downloading an infected compressed file. The email message is characterized by: Containing images of official logos that try to give more credibility to the email Facilitating a link that pretends to belong to the electronic headquarters of the Tax Agency, but which, when clicking on it, redirects to a domain that downloads the malware.Do not contain large spelling errors as is usual in these cases.Use a domain in the sender’s email (the part that goes after the @) with words related to the purpose of the fraud, such as “tax-agency26” that does not belong to the official domain of the Tax Agency. We must remember that the email is quite easy to falsify. Get our attention when approaching the period to present the income statement for fiscal year 2020. What to do in case of receiving these emails? If you have downloaded and run the malicious file, your device may have been infected. To protect your computer, you must scan it with an updated antivirus or follow the steps that you will find in device disinfection. If you have not run the downloaded file, your device may not have been infected. All you have to do is delete the file that you will find in the download folder. You will also need to trash the mail from your inbox. In case of doubt about the legitimacy of the email, do not click on any link and contact the company or service that supposedly sent you the email, always through their official customer service channels.
Be careful when making the rent! A malicious email is trying to impersonate the Tax Agency
- Advertisement -