Beware of phishing campaign impersonating the Policia Nacional

by Lorraine Williamson
phishing campaign

In a recent announcement from the Oficina de Seguridad del Internauta (OSI), internet users in Spain have been warned about a new phishing campaign impersonating the Policia Nacional. This campaign is designed to trick victims into downloading a malicious trojan malware, all under the pretense of responding to a judicial summons.

In a previous article, we reported on a cyberattack on Seville town hall. However, we must be aware, that cybercriminals don´t just attack large companies and organisations, they attack individuals too. In this article, we will delve into the details of this cyber threat and provide guidance on how to stay safe online.

The phishing campaign

The phishing campaign in question operates through fraudulent emails, with cybercriminals posing as representatives of the Spanish National Police. These deceptive messages are sent to users, urging them to click on a link to obtain more information about a supposed legal summons related to a filed complaint. However, this link doesn’t lead to an official application. Instead it initiates the download of a compressed .zip file. Inside this archive, victims will find two files: one in .txt format and another in .hta format. Both these files are then stored on the victim’s device, putting their security at risk.

phishing campaign

How to respond

If you’ve received an email seemingly from the Policia Nacional regarding a complaint but haven’t clicked on the link or downloaded the attached file, here’s what you should do:

  1. Mark the email as spam and delete it from your inbox.

However, if you’ve already downloaded the file but haven’t executed it, take the following steps:

  1. Disconnect the infected device from your home network to prevent the malware from spreading to other devices.
  2. Ensure you antivirus software is up-to-date, and run a comprehensive system scan.
  3. If you suspect your device is still infected, consider formatting or factory resetting it to remove the malware. Remember to regularly back up your data to avoid data loss.
  4. Take screenshots of the email and the files as evidence in case you need to file a complaint with relevant authorities. Online witnesses can also help verify the content of these proofs.

If you have any doubts about the authenticity of such communications, you can always contact the Spanish National Police or call the INICBE helpline at 017 for expert cybersecurity advice.

Cogesa Expats
phishing scam

Protecting yourself

To protect yourself from viruses and other cyberattacks, consider the following recommendations:

  • Be cautious of unsolicited emails, especially those claiming to be from official organisations.
  • Verify the sender’s email address and the format of the email before taking any action.
  • Never download applications from unofficial sources or click on suspicious links.
  • Keep your antivirus software up-to-date and perform regular system scans.
  • Educate yourself about common cyber threats and stay informed about the latest security updates.


The phishing campaign impersonating the Spanish National Police is a stark reminder of the importance of online security. By staying vigilant, following best practices, and seeking expert guidance when in doubt, you can protect yourself from such cyber threats and ensure a safer online experience in Spain.

By checking the file with malware detection tools such as VirusTotal and URLhaus, it provides us with information about the downloaded .hta file, identifying it as a Trojan.

phishing campaign

Stay safe, stay informed, and always be cautious when dealing with unsolicited emails and suspicious links. Your online security is paramount.

Images: @osi

You may also like