“Do not click on this link”

“Do not click on this link”

The Inmate Security Office (OSI) has recently detected a campaign of fraudulent emails impersonating Social Security. Therefore, you must be very careful and be very attentive to the messages you may receive.

This scam, known as ‘phishing’, pretends that the user clicks on a link that redirects to a web page where a file is downloaded. ‘malware’ that will infect the victim’s device if it runs it. In this case, it is used as a hook that there is a “Non-payment of a tax assessment”.

The Ministry of Inclusion, Social Security and Migrations has released a notice through its Twitter account: «Do not click on unknown links or those of whom you are not sure of their fate.

The OSI indicates that the emails are identified with the subject ‘Last notice tax settlement’although “it is not ruled out that there may be emails with other subjects with similar characteristics or even smishing campaigns.”

As for the message textthe user is informed that there is a non-payment on his part of tax assessments and, then, he is provided with a link to download a ‘report generated by the SII. By clicking, the victim is redirected to a website, where a file is downloaded.

From the OSI, they explain some characteristics of this type of emails that can be used to avoid falling for the scam.

  • possible spelling mistakesformatting errors and bad wording of the message and the subject.

  • The sender’s email is not official and may have endings like ‘br’ (from Brazil) instead of the official ‘.es’. If it were a web page belonging to a Spanish entity, could never end with an extension from another country. Therefore, if everything that continues after ‘@’ is not the same as that of the official entity (seg-social.es) it already indicates that it is not reliable.

If you click on the link, a compressed .zip file is downloaded, which is named ‘TaxpayerXXXXXXXX.zip’ (where the XXXXXX appears a succession of numbers that can vary).

By executing the file, the device will have been infected with a Trojan horse that could carry out different fraudulent processes.

What to do if you receive this email?

If an email of these characteristics has been received, but the link was not clickedthe OSI explains that you have to mark it as spam and delete it from the inbox.

Secondly, if the file has been downloaded, but has not been executedit should be removed from the download folder “as soon as possible”.

Nevertheless, if the file has been executed, the device may have been infected. The OSI recommends a series of steps to follow.

  • Disconnect the internet from the affected devicethus, if it really is, it will not be able to spread the ‘malware’ to other devices connected to the Network.

  • run the antivirus that your device has to carry out a complete analysis and disinfection.

  • If the infection has not cleared up, consider the option of format the device to factory settings. This option will cause the loss of all existing data and documents on the device, so it would be advisable to make a backup copy of them.

  • In cases of doubt, consult with the company or service involved or with trusted third partiessuch as the State Forces and Bodies (FCSE) and the Internet User Security Office (OSI) of INCIBE.

The OSI insists on the importance of do not click unknown links or whose fate is not certain. “Type the organization’s URL directly into your browser instead of reaching it through links available from third-party pages, in emails, or text messages,” he advises.


Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Recent News

Editor's Pick