on new scam on the internetcybercriminals impersonate a mobile operator to distribute information. Trojan horsecan steal victims’ bank details via email. Warning issued by ESET on Monday (25).
According to the cybersecurity company, the malicious campaign fake Vivo invoices to collect. Unlike other actions of this type, the message contains a zip file that must be downloaded to pay off the alleged debt.
To deceive targets, cybercriminals change the sender, allegedly impersonating an official Vivo email addressand use an operator-like design. The message also carries an urgency character warning that the account will expire on the same day and encourages victims to download the file without further verification.
By clicking the link to download the invoice, the user scam websiterequires the file to be downloaded. If you run the installer, the victim will no longer see any windows or messages, but according to the cyber threat detection company, the banking trojan will be installed on the device and will act by looking for financial data from the services and websites accessed.
Beware of false accusations
in order to avoid Theft of bank data by Grandoreiro malware, the main tip is to always be suspicious of such messages. Generally, operators send payment notifications in PDF rather than zip format, and it is not necessary to extract files in official communications.
besides not downloading fake invoicepay attention to the sender of the message and hover over the access button without clicking. check domain. If in doubt about the communication received, contact the operator through official channels to find out if the message is correct.
Source: Tec Mundo
