Beware of fraudulent energy bill scams distributing malware

by Lorraine Williamson

The Spanish Office for Internet Security (Oficina de Seguridad del Internauta – OSI) has issued a high-priority alert regarding a fraudulent phishing campaign targeting users in Spain.

Fraudsters are impersonating well-known energy companies, including Endesa, Iberdrola, and Naturgy, and sending fake bills designed to install malicious software on recipients’ devices. Here’s what you need to know to protect yourself.

How the fraudulent scam works

These phishing emails typically claim there is an unpaid energy bill and provide a download link or attachment for viewing the “invoice.” The attached file is often compressed in .zip format and contains an executable file designed to infect your device with malware known as Grandoreiro.
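A mail filter or help desk can check for the pattern described above, a .zip "invoice" that holds an executable, by reading the archive listing without extracting or running anything. The sketch below is an added example, not code from OSI or from this article; the file names, the extension list and the sample archives are constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# File types Windows runs or interprets on double-click (illustrative, not exhaustive).
RISKY_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".msi", ".bat", ".cmd",
                    ".js", ".vbs", ".lnk", ".hta"}


def inspect_zip(data: bytes) -> list[tuple[str, str]]:
    """Return (member name, reason) for each suspicious archive member.

    Members are read in memory only; nothing is written to disk or executed.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            name = info.filename
            # Only the last suffix counts: "factura.pdf.exe" is an .exe.
            ext = PurePosixPath(name).suffix.lower()
            if ext in RISKY_EXTENSIONS:
                findings.append((name, f"executable extension {ext}"))
            elif info.flag_bits & 0x1:
                # Password-protected member: its content cannot be checked.
                findings.append((name, "encrypted member, content not inspected"))
            else:
                # A renamed Windows executable still starts with the bytes "MZ".
                with archive.open(info) as member:
                    if member.read(2) == b"MZ":
                        findings.append((name, "Windows executable header"))
    return findings


def build_sample(members: dict[str, bytes]) -> bytes:
    """Build a constructed test archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, content in members.items():
            archive.writestr(name, content)
    return buf.getvalue()


# Constructed samples: harmless placeholder bytes, not real malware.
LURE = build_sample({"factura.pdf.exe": b"MZ placeholder",
                     "detalle.pdf": b"MZ placeholder"})
GENUINE = build_sample({"factura.pdf": b"%PDF-1.7 placeholder"})

if __name__ == "__main__":
    for label, blob in (("lure", LURE), ("genuine", GENUINE)):
        print(label, inspect_zip(blob))
```

An empty result only means none of these checks fired; it does not show that an attachment is safe to open.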

Warning signs of the phishing emails:
  1. Unfamiliar sender: The email address often looks suspicious or differs from official communications.
  2. Generic messaging: Emails use generic salutations rather than personal names, raising doubts about their authenticity.
  3. Replicated logos and colours: Fraudsters use company logos and colours to make emails look official, but this alone doesn’t verify legitimacy.

How to respond if you receive one of these emails

OSI recommends different actions depending on how far you’ve interacted with the email:

If you received the email but did not download the attachment

  • Mark as spam: Flag it as spam or junk mail to prevent future emails from the sender.
  • Report the incident: Consider reporting the email to OSI’s incident department to help them track the scam and warn others.

If you downloaded the attachment but did not open it

  • Delete the file: Locate the downloaded file and delete it from your device.
  • Empty the recycle bin: This ensures the file is completely removed from your system.

If you downloaded and executed the file

Your device may be infected. Here are the critical next steps to minimise the spread of the malware:

  1. Disconnect from your network: Prevent the malware from spreading to other devices on your network.
  2. Run a full virus scan: Use up-to-date antivirus software to detect and remove the malware. If the scan is unsuccessful, consider reformatting your device, though this will delete all data.
  3. Collect evidence: Capture screenshots of the email or download link for reporting purposes. Retain a copy of the email for further investigation, or use online tools to verify and document the evidence if you plan to report it to local authorities.

Protecting yourself from future attacks

Phishing scams frequently target users with emails impersonating utility companies. If you’re ever uncertain about the legitimacy of an email, OSI advises visiting the official websites of Endesa, Iberdrola, or Naturgy and checking their anti-fraud sections. These sections provide information on identifying and reporting scams.

What is Grandoreiro?

Grandoreiro is a type of banking trojan primarily targeting Spanish-speaking users. Once installed, it aims to steal personal information from infected devices, which cybercriminals can then exploit in future scams. Fraudsters send out these phishing emails en masse, hoping recipients will download the malware disguised as an invoice.

Remain vigilant against phishing attempts by examining email senders, spotting generic greetings, and avoiding direct downloads of files that claim to be invoices. Always verify suspicious emails with your utility provider before taking any action. Following OSI’s guidelines can help protect your device and personal information from malicious attacks.
