With new technologies, there are more and more procedures that we can do from our computer. In addition, this has also meant significant paper savings for companies, since today practically all companies send invoices to their users by email. We are so used to opening the mail and finding one that we may do it without thinking. If that’s your case, and you receive one from Endesabe very careful.
This new scam that has appeared is once again carried out by an attempt to impersonate a large company, which in this case is Endesa. In this way, cybercriminals are trying to get us to “bite” and open an invoice that, as you can imagine, it’s much more than that actually.
An invoice that can be very expensive
As usual, it has been the National Cybersecurity Institute (INCIBE) that has echoed this new impersonation attempt. His method of proceeding is not too different from others that we have already seen in recent weeks. The consumer receives an email that appears to be from Endesa in their inbox, as they normally would, and where it is attached an alleged invoice corresponding to the month of May/Junewith an assigned numbering.
The “hook” of the mail is that this invoice corresponds to a series of payments that the customer has pending, and that if they are not paid as soon as possible, they could lead to an increase in them. As you can see in the following image, the email has a blue button where we should click to download what looks like a PDF file (it is indicated in the name, but not as an extension).
This link downloads a .zip file to our computer that contains another one with an .msi extension. When executed, the file downloads another malicious file compressed in .zip format, and according to INCIBE reports, these files contain the dangerous trojan known as Grandoreiro. Trojans are a type of malware that “infiltrates” our computer by simulating that they are other types of files, and this one in question allows cybercriminals to manipulate windows, record keystrokes and obtain addresses from the victim’s browser, among other things .
What to do to avoid this type of danger?
INCIBE always gives some recommendations to avoid this type of danger come to harm us. If you follow the following advice to the letter you will save more than one scare as with this supposed Endesa bill:
- Do not open emails that you have not requested or when you do not know the user who sends it
- never answer these emails
- Check the links that appear in the emails, even if you know who sent it to you
- Always be wary of all links that appear clipped
- Also distrust any attached file
- Keep your computer and your antivirus as up to date as possible
- Always use elaborate and hard-to-guess passwords
If, unfortunately, you have received this email and have downloaded the Trojan to your computer, INCIBE recommends that we immediately carry out a full scan with our antivirus to remove it as soon as possible, in addition to disconnect the equipment from our network to prevent the malware move from one team to another.