This version of is not compatible.

Non-compatible browsers, in addition to preventing you from using all of the webpage’s features, are slower and present security risks.

We recommend that you update your version of your browser now, or that you access the page using another compatible browser.

Go to content
Press enter to display the menu content Press enter to display the language options Press enter to display the font size options

Main Home

Page saved correctly as favourite

Phishing

Phishing

Phising
Phishing or identity impersonation is a type of internet scam that can lead to fraud.

It consists of fraudulently obtaining a user's personal data through the use of a business's corporate identity elements, such as the email or a fake webpage.
 
Endesa will never request your personal data or confidential passwords by email. Except:
  • If the customer initiates contact by email.
  • If Endesa launches a campaign, it could be associated with forms where data is requested.

False Endesa invoice notices

 

We have detected a fraudulent campaign simulating Endesa notifications and inviting you to download the bill. Once the email has been opened, if you click on the link, you will be taken to a site containing malicious code (“a virus”), which blocks the personal files of computer users.

We have already warned our customers about this fraudulent campaign, which uses a supposed company bill as a decoy. If users download the content, all their personal files stored on their computer will be blocked and they will then be asked to pay a ransom to recover the files.

We are already carrying out the relevant actions to combat this software attack and we will keep you informed of any relevant updates in this regard.


Below is an example of these fake notifications:

Urgent notice: False Endesa invoice notices

The Spanish National Cybersecurity Institute (INCIBE) is offering a service to help those affected by the fake Endesa bill virus.

In order to identify the type of virus and to verify whether the data can be recovered, the INCIBE recommends sending an email to incidencias@certsi.es and attaching two or three Word or Excel files (originally with a .doc or .xls extension) affected by the virus and which do not contain private or confidential information and larger than 1 MB. In addition, you will have to refer to the file that explains how to make the corresponding payment to recover the information.

 

How can I avoid phishing?

  • Never provide your bank information via email.
  • Never send your personal information by email.
  • If asked to do so, do not make online payments through an email or a non-secure webpage.
  • Protect your passwords.
  • Write the url or web address directly into the browser's address bar.

Communications that are not phishing

 
Endesa sends its customers information regarding campaigns or promotions for its products and services. These offers may be associates with registration or contract forms that require personal information. Said forms will always be kept on the official Endesa webpage.
 
A trick: if you have doubts about something's legality, write the url or web address directly into the browser's address bar.
 
 

Online payment request

 
Remember that Endesa will never request that a customer pay a debt by email. In the case of receiving this type of email, get in touch with Endesa at the following free telephone numbers:
 
  • Voluntary Price for Small Consumers (VPSC) Customers - Endesa Energy, XXI 800 76 03 33
  • Open Market Customers-Endesa Energy: 800 76 09 09
You should never pay any taxes or fees requested by Endesa by email.
 
If you have participated in one of Endesa’s promotional campaigns and won, the payment of any corresponding taxes will be handled by the Office of Inland Revenue.
 
Up