The Instituto Nacional de Ciberseguridad has warned of a phishing campaign that impersonates the Dirección General de la Guardia Civil and Europol with the hook of a supposed Operación Endgame. The objective of the cybercriminals is to obtain personal and banking data, in addition to attempting the extortion of the victims.
The campaign is distributed through emails that arrive with subjects like "CALL" and that incorporate an attached file in PDF format with the name "NOTIFICACION_EXP_217-124 (1).pdf". In the message, the sender appears as "GCivil Infociudadana" and uses addresses like 18602143.edu@juntadeandalucia[.]es.
Impersonation with official appearance
The attached file presents an apparently institutional image. It includes logos of the Ministerio del Interior, of the Brigada de Cibercriminalidad and of the Centro Europeo de Cibercriminalidad de Europol. With that appearance, the message tries to give credibility to a false communication so that the recipient lowers their guard.
The PDF text assures the user that their device has been infected and converted into a "zombie" within a botnet network. From there, the authors of the campaign try to generate alarm and push the victim to provide sensitive information or to reply to the email.
Fake signature and recommendations
Among the detected elements is the signature of an alleged head of the Central Cybercrime Unit named Pascual Grisolia, a non-existent position and identity. That reference is part of the strategy to reinforce the official appearance of the document and sustain the deception.
INCIBE recommends that anyone who has provided data or replied to the message file a complaint with the National Police or the Civil Guard. The warning focuses on cutting off as soon as possible any possible fraudulent use of the information provided by the victims.