Cybercriminals attempt to infect computers by simulating a notification of a DGT fine. When you download it, a malware tries to steal the passwords of the victims of this phishing.
Phishing attacks are the most used by cybercriminals to steal data from users. In fact, according to the latest Email Fraud Landscape report, more than 6,400 fraudulent, fake or dangerous emails are sent every day. Many of them are phishing attacks.
These types of emails are designed to trick people into doing something, such as clicking on a link or downloading a file. These types of emails are sent supplanting organizations, entities or individuals, so that poorly trained users easily fall for the scam.
On the other hand, although in this type of mail there are certain clues that may indicate that we are dealing with a phishing, sophisticated emails can be received with personal information of the victims, which makes it more difficult to detect them. This is what is happening with a fraudulent email on behalf of the DGT, which manipulates users with the warning of a fine of 1,530 euros.
The email is reaching so many users that the DGT itself has had to warn on Twitter that it is an impersonation. The deception is designed for victims to download an attachment that claims to have the details of the fine. However, what we would be downloading is a malware programmed to steal passwords.
Detect the DGT fine and other customized attacks
Al igual que en un phishing masivo, lo primero que tenemos que hacer para reconocer un correo fraudulento es comprobar si la dirección del remitente es la oficial. En ocasiones el matiz es muy ligero y los cibercriminales pueden haber creado una dirección muy similar. Sin embargo, haciendo una búsqueda Internet del contacto oficial podremos comprobar si se trata de un correo legítimo.
As in mass-phishing, the first thing we have to do to recognize fraudulent email is to check if the sender’s address is the official one. Sometimes the nuance is very light and cybercriminals may have created a very similar address. However, by doing an Internet search of the official contact we can check if it is a legitimate email.
In addition, before clicking on any link or downloading attachments it is best to go to the official website using our browser. If we visit the DGT portal we could verify that we do not have any notification about a traffic violation.
Moreover, as DGT itself indicates in its tweet, the agency never reports violations in this way, but by certified letter. It may be the case that if a user has signed up for the electronic notification service, they will receive an email notification. However, it is accessed with a specific identification. The DGT would not send download attachments.
Nevertheless, whenever we receive an email with shortened links or download files we should suspect. To check where the links take us, we can place the cursor over the link without clicking and check in the bottom corner of the screen where they will redirect us.
However, as we say, it is best to suspect from the beginning and visit the official website or contact the agency by other means to confirm the veracity of the email.
In the era of Twitter, virtually all organizations answer the mentions. In this way, we can not only avoid falling into a hoax that aims to infect our computer, but also help other users know about the scam.