New alarms point to SEPE impersonation: do not answer these fake emails
On many occasions, we do not stop to think about the number of emails we receive daily, whether it may be because we are subscribed to different newsletters or because we receive some type of misleading advertising. Recently, cybersecurity organizations warn of a malware that impersonates the SEPE and steals all our data. This is how you should stop it.
In the digital era we live in, cyber attacks do not stop and anyone who has access to the Internet is exposed to new episodes of cyber attacks. In this context, cybercriminals attack again using the same techniques as always, but changing their arguments and their prey.
This time, they have supplanted the SEPE (State Public Employment Service) with the main objective of getting users to access a malicious email and give up all their personal information. To avoid falling into the trap, cybersecurity experts have implemented a series of tips that you have to put into practice as soon as possible.
SEPE impersonation: how to detect it
He INCIBE (National Cybersecurity Institute) and the OR IF (Internet Security Office) have just identified a new campaign of fraudulent emails that impersonate the SEPE using the technique of phishing. To achieve this misdeed, hackers use social engineering with a notification that serves as a pretext to fall into the trap and have the user click on one of the suspicious links.
The link is in PDF format that contains an executable .exe file with malicious code that infects the device. Its about Ousaban malware a banking Trojan capable of injecting itself into your computer and stealing all your credentials.
Likewise, to detect this email, it is important to know the affair of the same that they send attached to the recipient:
In the following image shared by several affected users you can see the logo of the Ministry to which the SEPE belongs to try to mock the victims, but there is a typo in the text stating that they belong to the Ministry of Labor Justice which does not exist in Spain.
How to act against fake emails?
Citizen cybersecurity services have shared a set of solutions to resolve this problem quickly, whether you have skipped the email or accessed the corrupt file.
On the one hand, if you have received the SEPE email but have not downloaded the supposed PDF, you should block it or mark it as spam and delete it immediately from your inbox.
If by some chance you have clicked on the link and downloaded the file, but you have not managed to open it, you have to delete it from your desktop and also from the recycle bin. You can always run the antivirus so that no traces of malware remain on your PC.
But if you have downloaded the file and executed them, it is recommended to carry out the following instructions:
- Disconnect Internet from your computer to prevent the spread of malware to other devices.
- Perform a full scan with your antivirus program to disinfect the system, in addition to keeping it updated.
- You will have to format the device and factory reset it to delete all data that may have been stored and could harm your privacy.
- Collect sufficient evidence through captures or documents to take them to a police office and report your case.