the fraudulent email with malware that takes advantage of the Income 2020 campaign to impersonate the Treasury



The National Cybersecurity Institute has detected a campaign to send fraudulent emails that impersonate the Tax Agency and take advantage of the start of the Income 2020 campaign to spread malware.



The messages that the government entity has located they arrive with the subject "Fiscal action" and potential victims could confuse fraud with procedures such as consulting tax data.






Both the button that supposedly gives us access to the electronic headquarters of the Tax Agency and the PDF that in theory we could download by following the link in this email are false




In the body of the email, with misprints and grammatical errors, they explain that the reason for it "refers to a tax action" registered in the database of the Ministry of Finance and that to access the alleged information, you have to access the electronic headquarters through a button contained therein or by downloading a PDF also linked.



Something that is false and that you should not do. It is the same story of other previous impersonations of the Tax Agency itself, the DGT or logistics companies.



The malware is one click away




At impersonation



Both the button that supposedly gives us access to the electronic headquarters of the Tax Agency and the PDF that in theory we could download by following the link in this email are false. It does not matter if we click on one site or another because the result is the same: the malware linked to this campaign will be downloaded to our computer in the form of a zip and with a name made up of nine random numbers.



The malicious program in question is of type scareware and is called Trojan Cryxos. Its main function is to display fraudulent notifications and alerts that tell the user that they have been infected by a virus and the computer has been blocked. The attackers' intention, they explain from INCIBE, is to steal the victim's personal data.




The main function of 'malware' is to display fraudulent notifications and alerts that tell the user that they have been infected by a virus and the computer has been blocked










Income 2020: check your tax data online to be ready for this year's income tax return





If any user unzips the file and executes its content, it could infect their computer, so If this has happened, it is best to carry out a scan of the device in question with a trusted antivirus and follow the instructions that it offers when it detects the malicious program.



As we always recommend, before the slightest doubt in front of an email or a text message we must exercise extreme caution and do nothing with them beyond deleting them, especially when they are from unknown users or on unsolicited matters. We must be wary of this type of email and make sure that it is legitimate or not through other means that do not involve interacting with the messages, their links and attachments, before opening or clicking on them.