A few days ago, Incibe warned of a new phishing campaign in which they impersonated the social security identity to carry out a complex deception with which to jeopardize the security of users. Phishing is a technique by which a hacker (or group of hackers) impersonates a company or organization in order to deceive the victim and, generally, either get personal data from him or infect his PC with malware.
In this new campaign, pirates they pretend to be the Treasury, and inform the user, via email, of a problem with their personal data that has prevented them from processing their tax refund. This email reaches inboxes with the subject “We identify differences in your personal income tax”, and in the body of the message it invites us to download a document, which we must fill out and send, by the same email, to update our data.
Of course, even if they use the logo de Treasury, it’s all a lie. If we look closely, the email address used is strange, and it is the first thing that should make us suspicious. In addition, in the body of the message we can find some misprints such as, for example, the use of “imposto” instead of “tax”.
If you click on the link that appears in the email, you will download a compressed file to your computer, within which we can find a file. Apparently it looks like a PDF, since it uses the icon of this type of documents. However, if you look more closely, you will see that it is an .exe file. Bad business.
If you have run this file, your PC is already infected by a malware called “AutoIt v3 Script”. This malware is of the advertising type, and it will fill your computer with warnings and messages asking you to download all kinds of malicious programs. At first, the virus doesn’t seem to do much else.
What to do if you have received this email from the Treasury
The email may have reached our inbox in many different ways. Every little bit they leak huge is databases with email addresses. And these databases that end up in the clutches of hackers to carry out targeted attacks like these.
If you have received this message in your inbox, all you have to do is delete it or move it to SPAM. You don’t have to worry about more. However, if you have gone to the link that appears, downloaded the file, and run it, then you have a problem. It is essential to download an antivirus as soon as possible, scan your computer (and all computers on the network) and clean it to remove malware.
Finally, File a complaint with the State Security Corps and Forces. This way you will avoid having problems in the future if these pirates have taken over your personal data.
