Information Security

What is phishing (fraudulent emails or text messages) and what is its goal?

Phishing scams consist of sending emails or text messages that pretend to come from a particular entity or organization. They are usually faithful copies and contain misleading messages intended to prompt users to disclose confidential data (for instance, user names and passwords for homebanking sites, credit card numbers, etc.) or to install malicious software (malware) that will allow their computers to be remotely controlled.

What can I do to identify this kind of message and avoid its consequences?

To protect yourself against these attacks, simply follow the basic rules of safe internet use, which are:

> Never send personal data requested by email or text message, such as credit card numbers, user names, passwords, or any other private data. EDP will never use these communication channels to ask you for this kind of information;

> Don't follow any links contained in suspicious emails or text messages. If you want to access the organization mentioned in the message, enter the address directly in your browser and browse it from there;

> If in doubt, contact the organization to confirm the authenticity of the email or text message, but never use the links contained therein. Contact it the way you usually do;

> Keep your computer software up to date, especially your browser and security software such as antivirus programs and firewalls;

> Install a toolbar on your browser. Netcraft has developed a toolbar that provides comprehensive information about the site you are accessing: the geographical location of the server hosting the site, the organization responsible for the site, and the first time the address was detected by Netcraft.

Where do they get the email addresses to send this kind of message?

The email addresses or mobile phone numbers used to send phishing messages in EDP's name were not obtained from any EDP database. Such information is usually collected from lists of users whose internet access devices have been infected with malware, thus spreading the phishing scam.

What to do if you are caught in a phishing scam?

If users click on the links contained in these phishing messages and run the attached files, they should:

> Seek expert technical assistance, mentioning that they have installed malware and fallen prey to a phishing scam (showing the email or text messages). There are some technical instructions for cleaning infected devices. We recommend that they be performed by experienced users, as they include some commands which, if performed incorrectly, may render the device unusable and not solve the problem completely. Moreover, the phishing scheme carried out in EDP's name uses some malware variants which may require specific cleaning methods.

> Change the credentials for the most sensitive accesses (e.g. homebanking access codes); for that purpose, don't use any computer or device that may have been affected and which is not demonstrably clean.

Can EDP do anything to mitigate the impact of phishing attacks?

Despite not having anything to do with such scams, EDP can take, and has taken, action to mitigate the consequences of these phishing attacks, more specifically:

> Like all organizations involved in the effort to improve cybersecurity in the country, EDP uses its communication channels to issue warning notices and relevant information.

> Whenever you detect a site hosting malware, inform the site administrator that it is being used for unlawful purposes, and that measures must be taken to correct existing vulnerabilities;

> Send your antivirus provider the malware used in the phishing scam so that they can develop tools to solve the problem; such tools will then be distributed to users through regular antivirus updates. This measure does not solve the problem with infected devices, but helps prevent new infections.

Is the EDP electronic invoice safe?

Electronic invoicing is the most effective way to respect the privacy and security of customer data. Invoices are protected by robust security protocols that regulate the electronic invoicing service, and can be viewed or printed from the reserved customer area. Phishing scams involving the EDP name have not affected the safety of the electronic invoicing service.