Spanish banks latest email invoice scam that is doing the rounds

Abraham Smith

Note that a new email scam is making the rounds posing as two Spanish banks, Santander and BBVA.

Internet scams are unfortunately the order of the day. So much so that the Internet Security Office (OSI) has once again uncovered a new campaign involving a malicious email scam impersonating two Spanish banks, Santander and BBVA.

These emails have the usual suspicious files attached, pretending to be an invoice for a payment or settlement. In reality, it is Trojan-type malware that is being distributed.

In the case of Banco Santander, the email is sent by the user “[email protected]” – an official Santander Group account is simulated. The subject line reads “Confirmation – Payment Notification” to attract victim’s attention and eventually spread the malware.

Image of a fraudulent email from Banco Santander. Credit: OSI

The body of the email informs the recipient that a payment processing letter — a zipped file that is actually malware — is attached. “In order to gain the user’s trust, it provides online safety advice through a link,” the OSI explained.

These emails do not appear to contain any spelling mistakes, although they lack the entity’s logos and the format is very simple.

Upon checking the details of this supposed letter and unzipping the file, the executable file name (.exe) is usually a string of numbers and letters like “210909836-042205-sanlccjavap0003-3991.exe”.

In the case of BBVA, the email comes from the account “[email protected]” – again an official bank account is simulated. The subject line is “BBVA-Confirming Facturas Pagadas al Mencimiento” (BBVA-Confirmation of invoices paid when due).

Image of a BBVA scam email. Credit: OSI

“The format of this email address is very different from that of the bank. The domain has no connection to BBVA, which could give us an indication that it’s not genuine,” the OSI explained.

There are no spelling mistakes in the text of the email, although as in the previous case, the entity’s logo is missing and the format is very simple. It speaks of information related to “bills paid when due” and attaches a compressed file claiming to contain the bill.

This e-mail also attempts to gain the user’s trust through security instructions. It reminds them which data should not be provided in this way and uses formal warnings, common practice in many companies, that indicate the privacy and confidentiality of the data attached.

After downloading and unzipping the malicious file, you will see a name like “InvoicesPaidOnDue.PDF.vbs” – although it may look like a PDF file at first glance, it is actually a Visual Basic script (code- tool) as reported by larazon.es.

___________________________________________________________

Thank you for taking the time to read this article. Remember to come back and check The Euro Weekly News Website for all your latest local and international news and remember you can follow us too Facebook And Instagram.

Source

Leave a Reply

Your email address will not be published. Required fields are marked *