Have you received this email from the Ministry of Economic Affairs? It is a hoax to spread a Trojan
Email is one of the most common ways for cybercriminals to distribute all types of malware and theft over the internet. Follow these recommendations to avoid falling into the trap.
On behalf of a large company or institution, claiming that it is an important invoice and using personal data, this email may seem very real, but it is not. This is a new phishing campaign that can endanger our team.
The National Institute of Cybersecurity or INCIBE alert of a new scam that has been detected in the network. The email pretends to be a bill from the Ministry of Economic Affairs and Digital Transformation (MAETD), so it is focused on companies and freelancers who may feel obliged to download the file it contains.
Cybersecurity experts warn that the main security threats enter companies due to employee errors, especially now that teleworking has grown very quickly and there are not all the security measures that may be in an office at home . That is why it is important that everyone, employees and bosses take the more protective measures the better.
This email in question is usually addressed to a specific person with the subject «XXXXX – An electronic invoice». The text includes several links that seem to lead to the fiscal.es website, but all end up leading to the download of a file that contains malware or malicious code.
The malware in question behaves like a Trojan that infects the computer and allows cybercriminals to steal sensitive information from the victim and the target company. These types of computer attacks are as frequent for company employees, as for ordinary users who steal their banking information, for example.
Even if you are waiting for an email from the Ministry in question or a similar invoice, it is important to check all the details of the email before relying on it and clicking on the links or downloading any files. The email address, the way it is written and other details can give us the clue that we are facing a false message.
Before clicking on any link, check that the url is correct, without errors or a strange name, just by placing the mouse over the link the browser already shows the full address. Also, if you have any questions, it is better check with the sender through their official website to use the links in the mail.
INCIBE has a telephone line for this type of case where there are doubts about the veracity of a message. It is always convenient alert the authorities like the Civil Guard when we find an online scam, so that it is investigated and the rest of users are alerted.