The Mossos d'Esquadra and the Civil Guard have warned of a new scam in which criminals impersonate the Tax Agency (AEAT) or the National Currency and Stamp Factory (FNMT).
In a publication on the social network 'X' they explained that the objective of the scam is to "infect the device with malware."
This phishing campaign aims to distribute a stealer, known as 'GuLoader/Agent Tesla' to obtain personal information, impersonating the National Currency and Stamp Factory (FNMT) and the Tax Agency (AEAT).
If you have received an email with the characteristics mentioned above, but you have not downloaded any attachments, nor have you responded with any personal information, mark it as spam and delete it from your inbox.
"Do not run any file or click on any link and, if you have done so, use an antivirus," the police force has requested.
On the other hand, if you have downloaded the file, but have not executed it, be sure to delete it, both from the downloads folder and from the recycle bin.
If for some reason you have downloaded the file and executed it to proceed with the instructions in the email, the following steps must be performed:
1. Disconnect the device you used to download from your home network, and thus prevent it from spreading to other devices.
2. Change the password, use two-factor authentication (2FA) and close existing sessions.
3. Use the antivirus that you have installed on your system to perform a complete scan of the computer, and thus be able to eliminate any threat if possible.
If you think that the device could still be infected, you can consider formatting the computer or restoring factory settings to disinfect it. We recommend making periodic backups to be able to restore those files before they have been infected.
You can take screenshots of the email and files to attach as evidence if you are going to file a complaint with the State Security Forces and Bodies, use online witnesses to certify said evidence.
If you have doubts about whether it is an official communication, you can contact the FNMT or AEAT to corroborate the information provided.
Learn how to avoid these types of attacks and how to act against them by following our prevention tips.
Pay close attention to the wording of the suspicious message. The emails detected contain messages with writing errors, such as poorly formulated expressions or a strange order when displaying information. In addition, they offer a .zip file that contains a hidden stealer, so it is advisable not to download it.
The issues identified to date are:
“AEAT – Notification Notice”.
“Expiration of your FNMT Certificate”.
