We’ll show you how to spot the scam and what to do if you’ve received the email or run the file.
In recent days the Civil Guard has warned of a scam that impersonates the SEPE (State Public Employment Service). This consists of a fraudulent email sent by criminals that includes a compressed file that is a Trojan, which is intended to steal banking information from the device you download it on. The email lies stating that it is a PDF of a work process.
How to detect it
The Civil Guard has published a post on X, a social network formerly known as Twitter, in which it warns of the new scam. This begins when we receive a email from a supposed official SEPE account, belonging to the Ministry of Labor. The INCIBE portal (National Cybersecurity Institute) expands the information on this, which we present below.
⚠️#WARNING ❗Detected campaign of #malware that impersonates the SEPE under the pretext of sending a notification of an alleged labor process.#NoPiques is #phishing , download file with malicious code. 👇https://t.co/BV8EjQJ2Ad pic.twitter.com/HOg05ixoCY
— Civil Guard (@guardiacivil) February 2, 2024
The subject is “Ministry of Labor – (recipient’s email), Extrajudicial Notice of Justice”, although the use of other similar ones is not ruled out, as is a change in the date of action, the process number or the email of the recipient. Despite possible variations in this detail, Its operation is similar.
The body of the message notifies the recipient that they have a labor process still to be resolved, so you are urged to do so. The way to check which one it is and download the documentation is through a PDF embedded in the email. The email has a link above the text “Download PDF”. It wants us to click on it to download the process, but, really, when we click on it, we will download a compressed file of a trojan.
According to INCIBE analysis, it is a malware called Ousaban. It is a banking Trojan whose objective is to steal your credentials and financial informationin order to steal your money.
A detail that reveals that it is a scam is that, in the body of the text, it indicates that “the competent body is the Ministry of Labor Justice”. There is the Ministry of Labor and Social Economy and the Ministry of Justice, but not a combination of both.
What to do before him
we must act in one way or another depending on what we have done when receiving the email. If we have received it but we have not downloaded anything, or we have not even opened it, it is best to delete it directly. If you downloaded the file but did not run it, delete it from your device and also from the recycle bin, if it is a computer.
What happens if we download it and run it? Then we will explain to you step by step what to do:
- Disconnect the device you ran it on from your home networkthat is, from the Internet, whether you use WiFi or are connected by cable.
- Perform a full scan with an antivirus to disinfect it.
- Gather all possible evidence – screenshots, the email itself, its address, etc. – to file a complaint with the State Security Forces and Bodies. If you have doubts about the authenticity of the email and want them resolved, you can go to a SEPE office in person.
Aside from eliminating the virus, INCIBE also suggests format or factory reset the device. If it is a mobile phone, here we explain how to do it. Be careful, it is not necessary in all cases; In addition, it will delete your stored data, unless you have a backup copy.
To always be up to date with the latest in technology, subscribe to our official and verified Andro4all channel on WhatsApp.