A new fraudulent email campaign impersonates a supposed Administrative Legal Cabinet linked to the Civil Guard to try to get recipients to open an official-looking PDF file. The message simulates a summons, includes a case number, and uses legal language along with warnings about possible legal consequences if not responded to quickly.
The objective is clear. To pressure the user into opening the attached document without verifying its authenticity. That file may contain malware and activate malicious processes without the victim ever becoming aware of it.
A PDF with a legal appearance to infect the device
The threat is presented as a formal and urgent communication. That format seeks to take advantage of the trust generated by public bodies and the fear of a possible claim or summons. Once executed, the file could install a Trojan or another type of virus on the device.
The scope of the attack is not limited to a single medium. The risk affects both mobile phones and computers. If the infection is complete, the malicious software could access passwords, personal data, and even control of the device.
Personal information and sensitive accesses at risk
This type of malware can compromise especially sensitive information. Among it are bank accounts, social media profiles and professional accesses, in addition to other data stored on the device or linked to the victim's credentials.
The mechanism fits with the recent evolution of digital scams, increasingly focused on the impersonation of public bodies to reinforce the appearance of legitimacy and increase the chances that the user acts hastily.
What to do if the mail arrives
The recommendation is not to open the attached file and to directly delete the message if an email of these characteristics is received. If the document has been opened by mistake, it is advisable to delete it immediately and perform a complete analysis of the device with an antivirus.
As an additional measure, the file can also be pre-checked with online virus scanning services. The priority is not to interact with the attachment and to check the terminal as soon as possible to prevent credential theft or a possible system intrusion.