It doesn’t seem like a week has passed and a new phishing campaign and dangerous emails are making waves on the internet, among Romanians. The latest borrows the visual identity of ANAF and hides a very dangerous virus. For this reason, it is very important not to open the attachment, both on the phone and on the laptop.
Before presenting the scenario that we faced “first hand”, it is very important to note that ANAF does not send email notifications regarding debts, maturities or other types of warnings. Any interaction in digital format with the Tax Office takes place through the Virtual Private Space or SPV, accessing ANAF.ro and logging in to the top right corner.
“There were a few people who called that number that is from ANAF, they did well because they were told it was a fake e-mail. We never send by e-mail, we use the Virtual Private Space which is the main interface of communication with taxpayers, if it is forced to receive summonses “, explained the president of ANAF, shortly after they started circulating on the Internet malicious email.
ANAF does not send emails with attachments
Depending on the email client you use, chances are that the message that appears to come from ANAF will end up in spam and you will receive a notification that it contains a virus. Unfortunately, not all Romanians are equally inspired and risk infecting both their laptop and phone. Ideally, if you have doubts when it comes to such messages, the first step is not to open the attachment. The second is to enter the Virtual Private Space and check if you have, authentically, any notification from ANAF. On the agency’s website, there are also some phone numbers that you can call to find out if the summons is real or fictitious.
The latest phishing campaign with the identity of ANAF contains a warning related to outstanding tax invoices. In the body of the message, you are warmly invited to go to the “bank or any nearby tax office with the tax invoice attached” to pay your tax. Problems arise when you open the “invoice”.
A notification from the National Cyber Security Directorate (DNSC) has already been issued on this cyber malware infection effort. “In this case, the text used by the attackers refers to this psychological stimulus from the beginning, the recipients of the e-mail being notified that they have ‘outstanding tax payments’, and to check the situation they must access the ‘attached tax invoice’. Once downloaded and accessed, the attachment leads to the infection of the device with LokiBot malware “, explain the DNSC specialists, quoted by Agerpres.
The same Romanian authority comes forward with some tips on these messages. “Every time you receive an unsolicited message, you need to be careful and check the source of the received message. In this case, if the information in the mail header was accessed, it could be seen that the message was sent from the newtargets24.online domain and not from anaf.ro. Furthermore, if the user was attentive to the text of the message, he noticed that it is most likely automatically translated into Romanian from a foreign language, because there are clear errors of expression that can be identified immediately.
The initial mailing formula (‘a good day’) is often used at the end of a message, not at the beginning. Next, the text sounds extremely strange, which should have raised serious questions to the recipient (‘This is to inform you’) about the legitimacy of this email. In addition, if the user scans the email attachment with an existing security solution on the device, or one available for free online (eg VirusTotal), he could immediately realize that it is a malware-infected file “, they pointed out cybersecurity experts within the DNSC.