The National Cybersecurity Institute (INCIBE) has warned about a fraudulent campaign through fraudulent emails trying to impersonate the Ministry of Health.
The technique, known as phishing, sought to deceive with an alleged call to summon an extra dose of the coronavirus vaccine. The message is sent from an address that does not belong to the official domain of the ministry and has the subject ‘We have an urgent announcement about the extra dose of vaccine!’.
However, INCIBE points out that “it is not ruled out that other emails may be being sent with other similar or even different topics,” Europa Press reports.
In the fraudulent email detected, the user is informed that they have been selected to receive an additional dose of the vaccine, from which they could also choose the ‘brand’ from among those available.
“To do this, you simply have to download a document by clicking on a link provided in the email itself. However, said link downloads a .zip file that contains a malicious file,” they emphasize from the body dependent on the Ministry of Economic Affairs and Digital Transformation,
As Europa Press adds, in this situation, INCIBE explains that the user who has received the email and clicked on the link “will have downloaded and executed a malicious file” on the device, therefore, they must proceed to disinfect it following the specified guidelines. .
Likewise, the institute points out that if doubts arise during the disinfection process, the citizen can contact the Incibe-Cert incident management team, where “a technician will help resolve doubts.”
But as general advice, INCIBE asks for extreme caution and for users not to open “emails from unknown or unsolicited users”, but rather to delete them directly, in addition to not replying to these emails or sending personal information. Same preventive routines for links and attachments in emails, SMS, messages on WhatsApp or on social networks, even if they are from known contacts.
In addition, it is recommended to always have the operating system and antivirus updated or, in case of doubt, consult directly with the company or service involved or with trusted third parties such as the State Security Forces and Corps (FCSE) or the Office of Internet User Security (OSI).