If you receive this message impersonating this electric company, be careful! They are trying to install malware on your electronic device
A new scam is circulating in Spain. He National Cybersecurity Institute (INCIBE) has had to launch the alert about a new campaign malware distribution via emails who are supplanting the electric company Endesa. This is not the first time that they have impersonated a well-known company in our country to try to deceive users.
On this occasion, cybercriminals aim to make users they download a file that is infected and they camouflage it as if it were an Endesa invoice. “The message informs that the user can download their invoice, which is attached to the email as a compressed .zip filebut in reality the file contains malicious code,” reveals INCIBE.
This is the scam that impersonates Endesa
The INCIBE notice details that the campaign is using a Trojan called Metamorph either Ousabanwhich is specialized in stealing banking data and financial credentials. In the message that some people are receiving, according to this institution, you can read that “the invoice is accessible and that the responsibility for subsequent actions, including payment, lies with His Honor.” It is precisely this last phrase that has raised suspicions that it is a very suspicious message.
On the other hand, the emails are identified with the following matters:
- Pay your bill online quickly and securely.
- Open debit Avoid interest and fines.
- Overdue invoice.
- Keep everything up to date your invoice is open.
- Open invoice see details.
- Overdue Invoice Access to generate 2 via via with interest.
- Do not ignore this notice on your bill.
- Don’t miss the date! Your bill is due soon.
- Unpaid invoice Avoid suspension of service.
- Delinquency alert-immediate regularization.
- Send to 2 via via ticket for your invoice.
- Payment per day! Your invoice is now available.
- Important reminder about your bill.
- Your invoice is available for payment.
- Overdue invoice regularize right now.
- Imminent blockade: regularize your bill now.
- Importantly, your invoice is still open and with charges.
- Your account has a pending payment
A detail that cannot be overlooked is that the sender of the email, It does not have a domain that corresponds to the Endesa official. What they want is for the person who receives the email to download that supposed invoice, decompress the .zip file, and then execute an .msi file that contains the malware.
What to do if the file has been downloaded
If the file has been downloaded, the device on which it was done may be infected. If so, INCIBE has launched a series of recommendations and steps to follow. The first of all is isolate that equipmentthat is, “disconnect the device from your home network so that the malware cannot spread to others.”
It is essential perform a scan with the updated antivirus. If it is still infected, it will have to be formatted or reset to be able to remove the virus. Keep in mind that if you do this, the data will be lost. For this reason, it will be necessary make a backup to be able to keep all the information that we want to keep.
Save all the evidence, taking screenshots or saving the emails that have been received to file a complaint with the authorities. “You can help yourself with online witnesses and certify the content of the evidence,” explains INCIBE. On the other hand, remember that whenever there are doubts about communications from a supply company, you can go to official channels and check their veracity.
