“Hello, [nombre del cliente]Thank you for using the electronic invoice. You can now check your last invoice“. Reading that in an e-mail, together with the Endesa logo, the invoice download link, the links to Endesa’s mobile apps… does not seem to be something to be distrusted.
But as always happens in these cases, yes, we must be wary.
The Civil Guard echoed yesterday on its Twitter account a notice from the Internet User Security Office notifying the existence of a new malware dissemination campaign through fraudulent e-mails.
In this case, those affected are Endesa customers (and generally anyone who ‘just in case’ ends up opening the attached file).
As reported by the OSI, the email intends to impersonate the identity of the energy company, with the aim of install a ‘banking Trojan’ known as Grandoreiro (we have already told you about him before) on the victim’s device.
In the body of the message, the recipient is informed that they can now download their invoice for the period between March 31 and April 25 through a link included in the body of the message. And therein lies the purpose of this malicious e-mail…
Ransomware: what it is, how it infects and how to protect yourself
Where lies the danger of this e-mail?
…in encouraging us to download the supposed invoice, apparently contained in a compressed file (.zip), which will lead many users to execute the only file contained in the ZIP, which is really an executable (.msi) that will unleash the infection once we open it.
And, once Grandoreiro is circulating in our system, it will start to track financial information and passwords stored on our hard drive to forward it to cybercriminals.
It is enough that we do not double click ‘without rhyme or reason’ after opening the ZIP: if we bother to look, we will see that the file it contains does not have the type of file extension (.pdf) What would be expected in this case?
So remember, as we always remind you, always check that
- Every file you download is from expected format in each case.
- Your antimalware application is updated.
- Use a password manager to make it difficult for bank Trojans to access them.
- Check the sender of each e-mail we receive be who you say you are.
In Genbeta | How to know the electricity consumption of your home in real time online to save on the bill and experiment with curiosity