Guardia Civil warns of scam Treasury email campaign

Guardia Civil warns of scam Treasury email campaign

The scammers attempt to get users to download malware to their devices by making them believe they have pending documents to present


Thursday, 31 March 2022

One week after the Spanish Tax Agency opened the period for declaring income tax - between 6 April and 30 June - the Guarda Civil has alerted people through its Twitter account to an online scam. The force warns of an email campaign claiming to be from the Ministry of Finance with the aim of getting members of the public to download malware to their devices, by making them believe they have pending documentation to present.

The national Internet Security Office has explained that this new phishing scam is difficult to detect since the email is apparently verified and contains the subject line 'Digital Tax Receipt - Ministry of Finance and Public Administration' or similar. Inside the message, people who still have documentation to submit are told to click on a link, that will direct them to a malware file.

If you click on the link saying: ‘'Descargar todo archivos adjuntos (236 kb)'’ or on the image in the email, a .zip file containing the malware will be automatically downloaded on your device.

At the moment, the email does not contain an official logo, but it cannot be ruled out that a more sophisticated version may be sent out with the same subject. The aim is to capture the user’s attention and get them to download the malicious file under the pretext it is in their best interest.

The Office of Internet Security warns that you have to be alert to detect these kinds of emails. It also adds: “They are characterised by thumbnail photos pretending to be attached documents masking the fraudulent link”.

The address from which the file is sent is usually very close to that of the official entity, as this is easy to falsify.

The messages are usually hard to spot as they don’t contain many errors.

The office warns those that have already followed the link that they may already have the malware installed on their device and say it is important to uninstall and delete the file, scan the computer with a good antivirus program and clean any dangerous files from the device.

If you have received the email but not clicked on the link, simply delete the email.



Noticia patrocinada


Reporta un error en esta noticia

* Campos obligatorios