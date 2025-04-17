Screenshot of the video shared by Movistar on its social media networks.

An EAE business school report from October 2024 revealed that almost half the people in Spain had been victims of a cyber scam (or attempted scam) in the last year. One of the most widespread fraud techniques is 'phishing', used to obtain confidential information from users, or to install malicious software ('malware') on their devices.

To achieve their aims, criminals often circulate mass email campaigns impersonating companies, public bodies and other entities.

Recently it has been the Spanish telecoms giant Movistar that has reported fraudulent mailings in its name, although the company warns that they are part of "a broader pattern of fraudulent campaigns" that also include false notifications about fines, debts with the tax office or unexpected credit card charges, among others.

"Warning! New phishing campaign detected impersonating Movistar. If you receive an email stating that you have unpaid bills, they are probably trying to infect your device with malware. #Digital Security", warns the 'teleco' on its communication channels with its customers.

The warning is accompanied by a video explaining how this fraud attempt works. "You receive a misleading email from a sender trying to impersonate Movistar, indicating that you have a large amount outstanding. When you click to see the details of the bill, you are directed to a page to download a PDF document that contains a malicious hidden file that could infect your computer".

The company explained that if fraud has been detected, "mark it as 'spam' and delete the email. If you have any doubts, consult the My Movistar section of the web site, the app or our official customer service channels".

Otherwise - if the PDF document has been downloaded and executed - "check with an antivirus for any malware that may have been installed and clean your computer". The message concluded with a warning: "Do not access websites where you have to enter your personal data", and which encourage you to share it with friends and family.

The most frequent cases of phishing

Spain's Incibe national institute of cybersecurity, explained the most frequent cases of 'phishing':

-Banker: impersonate a financial institution to obtain information under various excuses, such as account blocking, suspicious account activity, supported charges, etc.

-Public entities: the hooks for the user to fall into the trap usually have to do with tax refunds, payment of traffic fines, or obtaining subsidies, among others.

-Private entities: they capture the attention of potential victims with subjects and messages "that often appeal to their feelings". Among the most impersonated companies are electricity companies, courier and transport companies, telephone operators, social networks, shops and supermarkets...

The characteristics of the messages

Often the messages come from unknown senders who are not associated with the company or entity they supposedly represent. They contain grammatical and spelling errors: this is one of the clues to a scam.

Sometimes they also ask for data (passwords, PINs, IDs, etc.) that a legitimate company would never request through this medium. Or they contain links to fake or malicious websites, or attachments that may contain malware or viruses.

And something that is almost always present in this type of mailings: a sense of threat or urgency. Cybercriminals encourage the user to take quick action in an unreasoned manner. Otherwise, they risk undesirable consequences, such as security problems, account closure, a fine, etc.