A few days after the start of the income tax campaign, a massive distribution of fraudulent emails on behalf of the Tax Agency has been detected.
With the income statement campaign just around the corner an attempt has been detected hacking massive that uses the Tax Agency as bait. At the moment two variants of the attack have been detected, although in both cases email is being used as a distribution system.
East campaign of hacking has been detected by Anexia Technologies that warns that despite the fact that it has been common with the start of the campaign for the declaration of income, fraudulent emails are received, This new attack is alarming because it involves not only identity theft, but also encryption of information. of computers and mobile phones.
The modus operandi: phishing and trojans
In the report, the experts who have detected the attack assure that at this time there are two variants: one that uses the phishing to steal your identity and another that installs a Trojan It encrypts your device information so you can’t access it until you pay a ransom. In both cases emails that pose as the Tax Agency are used.
In the case of TrojanAs explained by Asevera Eduard Requena, the email takes you to download a file that, once opened, encodes all the data on the computer so that its owner cannot access them. From there he is blackmailed into paying a ransom (which can go up to 1,000 ) to recover your computer. A payment that does not always end up solving the problem since, according to Requena, there are cases in which the companies that have suffered the attack end up paying for fear of losing the information and still do not receive the decryption key
In the variant of phishing It is not a question of blocking access to the information, but rather that they try to obtain all the personal information possible and then use it against the victim. There have been cases in which an email is received informing the victim of an alleged refund by the Treasury and asking for personal and bank details. Some information with which they later embezzled the bank accounts of the victim.
How to avoid being hacked when making the income statement
If you want to avoid falling into the trap while making your income statement, we recommend that you follow these tips to avoid phishing:
- Before entering an external link, check the linked URL and the sender.
- Beware of emails with misspellings or grammar.
- Do not enter personal data or passwords on unknown pages. The Tax Agency will never request personal data by mail.
And to avoid a Trojan:
- Check the sender’s address.
- Avoid opening or installing files of dubious origin.
- Have physical and cloud backups of your most important data.