Last week, several colleagues, clients and non-clients received fraud attempts using the Galp brand. The first campaign was conducted through Phishing e-mails with the goal of stealing bank card data. The second campaign was disseminated through WhatsApp messages aimed at stealing personal data (name and contacts) in exchange for an alleged 3-month supply of free fuel.
As has been publicly reported by both the Criminal Police and the National Center for Cyber-security, this type of cyber-attacks has been happening more frequently since the beginning of the pandemic period, as cyber-criminals take advantage of the physical isolation and emotional or economic frailty that increases the probability of success of this type of attack, given that victims cannot share their doubts with colleagues, friends or relatives.
This type of campaign has involved many other brands - similar campaigns have targeted CTT and Jerónimo Martins - and they have reminded us that the Galp brand is also very appealing to cyber-criminals, given its good reputation in the national market and the confidence it generates in consumers.
For this reason, it is important to reinforce that each of us should be an ambassador for Galp, not only in the way we represent it, but also in the way we protect it - improving Galp's cyber-security on a daily basis and consequently making our customers more cyber-safe as well.
Galp is strongly reinforcing its cyber-security. As part of this effort, it has recently officially created the CSIRT Galp(Cyber Security Incident Response Team), a 24/7 cyber-security incident response team working to respond to all kinds of cyber-threats. Should you detect any potential cyber-incident or fraud please do not hesitate to contact this team at csirt@galp.com.
We recommend extreme caution when accessing, receiving or sharing messages or digital content with fraudulent potential, for example:
1. Requests for payment of overdue invoices;
2. Issue of transfers or payment of customs fees to unblock orders;
3. Changing bank payment data or blocking bank accounts;
4. Any message associated with the COVID-19 pandemic, requesting you to enter bank payment data or personal data;
5. Any message that induces a disproportionate sense of urgency;
6. Any message coming from people you don't know, or coming from someone you know, but with an unusual or strange language (e.g. too formal or informal).
In any of these situations, please contact CSIRT Galp immediately.
Cyber-security incident response team - csirt@galp.com
#seesomething #saysomething