Skip BreadcrumbHome / Security / False messages using the name EDP

False messages using the name EDP


We have been alerted that several Clients and non Clients received e-mail messages supposedly sent by EDP with the subjects "Aviso Importante Cliente EDP – Portugal, Fatura disponível…" [Important Notice for Clients of EDP Portugal, bill available...] and “A sua fatura EDP - (31563)” [Your EDP Bill - (31563)], both requesting that the user opens an image to view the electricity bill.

Examples of the e-mails received:

Clique para aumentar Clique para aumentar

 

These are another two Phishing attempts wherein, when you access the link/attachment sent, you install malicious software without even knowing it.

After this malware is installed on your device, we verified that, when you login to millenniumbcp.pt, you get a pop-up regarding our web page, warning that you need to install a security module “Instalação do Módulo de Segurança”, asking you to enter your Multichannel Code, afterwards sending a text message with an Authorization Code, as per the screen images below:

 

Clique para aumentar Clique para aumentar Clique para aumentar Clique para aumentar

 

Following this phishing of the User's access codes, the cyber-criminal requests an Authorization Code to execute the registry in the Millennium App, and an SMS will be sent saying "Pedido de registo na App Millennium - Cod. Autorização: *******"(Request to register the Millennium App - Authorisation Code: *******).   Contacte o Banco caso não tenha solicitado este código.” (Contact the Bank if you did not request this code). - Do not enter the Code you received on your mobile phone in the field shown above.

Please be reminded that:

  • You should beware of any e-mail that requires "immediate action" or creates a sense of urgency, especially if it shows spelling errors or bad grammar and has attached executable files (.exe);
  • The three (3) random digits of the Multichannel Code are requested when you login to www.millenniumbcp.pt as well as for the management of your personal data/access codes (if your enter a wrong number, the three random positions requested remain the same until you login successfully);
  • Carefully read the SMS received containing the Authorisation Codes since the transaction data are identified in the SMS;
  • Phishing aims to abusively confirm/get personal data/access codes through messages with links/attachments that can infect a computer with malicious software or lead the user to fake websites, identical to the trustworthy websites. Avoid opening links to external websites as well as opening executable files;
  • Analyse the e-mails you receive before opening them, always confirming the source and the subject, if possible, with the issuer;
  • Never provide personal information or data in an e-mail reply;
  • Install (if you haven't done so yet) an antivirus software and update it regularly.

Remember: The protection of your assets and of your computer depends on you!


You can read all the Security information here. (Companies)

You can read all the Security Information available here. (Individuals)​





If you ever find something out of place at www.millenniumbcp.pt/en or if you need further information
please contact us using Banco Mail or, alternatively, by telephone on
918272424 / 935222424 / 965992424 (domestic call)
or +351210052424 (international call).

The cost of the calls depends on the specific prices agreed by you with your telecommunication operator.​