
Warning to Santander bank clients about attempts to steal passwords and identities

During its investigation, Spain's Internet Security Office has identified some of the fraudulent emails the cybercriminals are sending


Spain's Internet Security Office, which is part of the National Cybersecurity Institute (INCIBE), is warning of a campaign of fraudulent emails purporting to come from Banco Santander. Known as phishing, the technique consists of mass mailshots online, pretending to be a genuine business but with the intention of obtaining personal and banking information such as user names and passwords, addresses and credit card details.

The subject lines of the emails usually contain attention-grabbing words such as ‘invoices’. The aim is to make the recipient open the email and follow the instructions given, which will download malware onto their device.

“If you have received an email like this but you haven’t downloaded anything, you don’t need to worry. If you have, this is what you should do to solve the problem. First, delete the downloaded file, whether it has been activated or not. Then, to clean up the computer and make sure it is protected, do a scan with an updated anti-virus,” advises the Internet Security Office.

During their investigation, they have found a series of email addresses associated with this fraud. The emails identified so far have the following subject lines:

• 2B6AF4 - EC297 - llegó tu factura - E68C-EBC2

• 38FC674A - 26D52856 - Factura Electrónica - 13BC-8C74

• 41352 - FA347 - Tu factura ya está disponible - B6AC-6CB1

• 6D3723E894 - A1ED9EABC2 - Factura Vencida - 12EF-CE81

• 8A4576691 - 6CA22CF6A7 - Pago pendiente - F41D-A7C6
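The five subjects above share one structure: two hexadecimal tokens, a Spanish invoice or payment lure, and a trailing XXXX-XXXX hexadecimal code. The Python below is an added example of a mail-filter check for that structure, not code from INCIBE or the article; the token-length bounds and the names `classify_subject` and `classify_message` are assumptions, and the sample message is constructed.

```python
import re
import unicodedata
from email import message_from_string
from email.policy import default

# Structure shared by the listed subjects:
#   <hex token> - <hex token> - <lure text> - <4 hex>-<4 hex>
# The 4-12 token length is an assumption (the listed tokens are 5-10 long).
SUBJECT_RE = re.compile(
    r"([0-9A-F]{4,12})\s+-\s+([0-9A-F]{4,12})\s+-\s+(.+?)\s+-\s+"
    r"([0-9A-F]{4}-[0-9A-F]{4})",
    re.IGNORECASE,
)

# Lure phrases taken from the subjects listed in the article, casefolded.
KNOWN_LURES = {
    "llegó tu factura",
    "factura electrónica",
    "tu factura ya está disponible",
    "factura vencida",
    "pago pendiente",
}

def classify_subject(subject):
    """Return 'known-lure', 'pattern-only' or None for a decoded subject."""
    # NFC so a letter plus combining accent equals the precomposed letter.
    text = unicodedata.normalize("NFC", subject).strip()
    match = SUBJECT_RE.fullmatch(text)
    if match is None:
        return None
    lure = match.group(3).casefold()
    return "known-lure" if lure in KNOWN_LURES else "pattern-only"

def classify_message(raw):
    """Parse a raw RFC 5322 message and classify its Subject header."""
    # policy=default decodes RFC 2047 encoded words such as =?UTF-8?Q?...?=
    msg = message_from_string(raw, policy=default)
    return classify_subject(str(msg["Subject"] or ""))

# Constructed sample message; the subject is one from the list, Q-encoded
# the way a non-ASCII subject travels on the wire.
SAMPLE = (
    "From: sender@example.invalid\n"
    "To: user@example.invalid\n"
    "Subject: =?UTF-8?Q?38FC674A_-_26D52856_-_Factura_Electr=C3=B3nica_-_13BC-8C74?=\n"
    "\n"
    "body\n"
)
```

A `pattern-only` result means the subject has the campaign's structure but a lure phrase not on the list, which is worth reviewing rather than blocking outright.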

In the body of the message, the recipient is informed that they have a new notification and that, in order to look at it, they must access their documents by clicking on a button. If they click on the button 'Acceda a mis documentos' (access my documents), a zip file will automatically be downloaded. This contains malware identified as Grandoreiro, a banking Trojan which could enable the cybercriminals to perform actions such as manipulating windows, logging keystrokes and obtaining addresses from the victim’s browser.