By Chris King • 10 February 2023 • 23:50
Image of what a cybercriminal could look like.
Credit: Fam Veld/Shutterstock.com
Internet scams unfortunately are the order of the day. So much so that the Internet Security Office (OSI) has once again detected a new campaign involving a malicious email scam impersonating the identity of two Spanish banks, Santander and BBVA.
These emails have the usual suspicious files attached that pretend to be an invoice for a payment or a payment settlement. In reality, they are a Trojan-type malware which is being distributed.
In the case of Banco Santander, the email is sent by the user ‘email@example.com’ – simulating an official Santander Group account. Its subject line is ‘Confirmation – Payment notification’, in order to capture the attention of the victim and ultimately spread the malware.
The body of the mail informs the recipient that a payment settlement letter – a zipped file that is actually malware – is attached. ‘To gain the user’s trust, it provides online security advice via a link’, the OSI explained.
These emails do not appear to have any spelling mistakes, although they lack the entity’s logos and the format is very simple.
When checking the details of this supposed letter and unzipping the file, the name of the executable (.exe) file is usually a succession of numbers and letters such as “210909836-042205-sanlccjavap0003-3991.exe”.
In the case of BBVA, the email comes from the account ‘firstname.lastname@example.org’ – again simulating an official bank account. The subject line is ‘BBVA-Confirming Facturas Pagadas al Mencimiento’ (BBVA-Confirming Invoices Paid on Maturity).
‘The format of this e-mail address is very different from the one used by the bank. The domain has no connection with BBVA, which may give us a clue that it is not genuine’, explained the OSI.
There are no spelling mistakes in the body of the mail, although, as in the previous case, it lacks the logo of the entity and the format is very simple. It talks about information related to ‘invoices paid on maturity’ and attaches a compressed file, which supposedly contains the invoice.
This e-mail also tries to gain the user’s trust through security advice. It reminds them which data should not be provided by this means, as well as using formal warnings that are common in many entities, which talk about the privacy and confidentiality of the attached data.
After downloading the malicious file and unzipping it, you will see a name like ‘InvoicesPaidOnDue.PDF.vbs’ – although it may look like a PDF file at first glance, it is actually a Visual Basic script (code tool), as reported by larazon.es.
Thank you for taking the time to read this article. Do remember to come back and check The Euro Weekly News website for all your up-to-date local and international news stories and remember, you can also follow us on Facebook and Instagram.
Share this story
Subscribe to our Euro Weekly News alerts to get the latest stories into your inbox!
By signing up, you will create a Euro Weekly News account if you donâ€™t already have one. Review our
Originally from Wales, Chris spent years on the Costa del Sol before moving to the Algarve where he is a web reporter for The Euro Weekly News covering international and Spanish national news.
Got a news story you want to share? Then get in touch at email@example.com
Download our media pack in either English or Spanish.