
At the beginning of 2025, Spanish users faced another cyber threat: scammers began sending emails impersonating the well-known energy provider Iberdrola. These messages are highly convincing: they use the company’s official colors and logo and mimic its notification style. The email claims there is an outstanding bill for a significant amount, immediately raising alarm for the recipient.
The main goal of the attackers is to trick the recipient into clicking a link that leads to a fake website, where they are prompted to download an archived file. Inside, a malicious program is hidden, designed to steal passwords, banking details, and other personal information. Once launched, the virus can not only access the data but also spread to other devices connected to the same network.
How to spot a dangerous email
At first glance, the message seems legitimate. However, a closer look reveals the sender’s address does not match the official Iberdrola domain. The email often features a link to a counterfeit login page. Once followed, it downloads a file with the .iso extension — this file contains malware known as Zbot or Grandoreiro.
If a user opens this file, the virus will silently go to work: it can harvest logins, passwords, bank card data, and may even try to infect other computers on the home or office network. In some cases, the malware may block access to important files or use the device for further attacks.
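The checks described above (sender domain, link destination, .iso download) can be automated when triaging a reported message. The following is an added example, not code from Iberdrola or from the original article; the list of official domains, the function names and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains treated as official; replace with the list you trust.
OFFICIAL_DOMAINS = {"iberdrola.es", "iberdrola.com"}
DISK_IMAGE_EXT = (".iso",)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def is_official(host):
    """True only for an official domain or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def triage(raw_email):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw_email)
    findings = []
    _, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    if not is_official(sender_domain):
        findings.append(f"sender-domain-mismatch:{sender_domain}")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(DISK_IMAGE_EXT):
            findings.append(f"iso-attachment:{name}")
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True) or b""
        text = payload.decode(part.get_content_charset() or "utf-8", "replace")
        for url in URL_RE.findall(text):
            parsed = urlparse(url)
            if not is_official(parsed.hostname):
                findings.append(f"off-domain-link:{parsed.hostname}")
            if parsed.path.lower().endswith(DISK_IMAGE_EXT):
                findings.append(f"iso-download-link:{parsed.hostname}")
    return findings

# Constructed sample (not a real capture); example.net/.org are reserved names.
SAMPLE = """\
From: Iberdrola Clientes <facturas@billing.example.net>
To: user@example.org
Subject: Factura pendiente
Content-Type: text/plain; charset=utf-8

Tiene una factura pendiente. Consulte: https://pagos.example.net/factura/F-2025.iso
"""

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```

The domain comparison matches whole labels, so a lookalike host that merely contains the brand name is still reported as off-domain.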
What to do if you receive a suspicious email
Experts advise always checking who the message is actually from, especially when it comes to financial matters. If an email looks suspicious, don’t click links or download attachments. It’s best to mark it as spam and delete it immediately. All bills and notifications should only be checked through the official company website or via their customer service hotline.
If the file has already been downloaded but not opened, simply delete it and empty your trash bin. If a malicious program has been launched, immediately disconnect your device from the internet, run a full antivirus scan, and, if necessary, restore the system from a backup. It’s also important to save all evidence of the attempted fraud—screenshots, the email text, attachments—as this will help if you need to contact the police or cybersecurity specialists.
If in doubt, always use only the company’s official support channels or consult cybersecurity professionals. Don’t trust emails demanding urgent action or threatening large debts; these are major signs of fraud.






