Recommendations to protect against phishing

Phishing involves impersonating organizations or individuals to obtain confidential information including passwords, bank details or personal information. It is done by sending emails or text messages and by creating websites or social media profiles which are false but look genuine.

To avoid unlawful or fraudulent use of the Garrigues brand and of the identities of its professionals, we want to make you aware that:

• The firm and its professionals only make contact using emails containing the official domain @garrigues.com (and @g-advisory.com in the case of our consulting subsidiary); we do not have any alternative email addresses and do not make contact on WhatsApp or other instant messaging apps.
   
• The firm's official websites all have the domain garrigues.com y g-advisory.com.
   
• The firm’s official social media channels are:
   
  
  • LinkedIn: https://www.linkedin.com/company/garrigues
     
  • X: https://x.com/garrigues_es
     
  • YouTube: https://www.youtube.com/@garrigues
     
  • Facebook: https://www.facebook.com/garriguesabogados/

Garrigues performs strict monitoring of its various platforms to avoid possible cases of fraud and impersonation and regularly reviews the measures for avoiding them . If, however, you receive any type of suspicious information / communications linked to the Garrigues brand, our recommendations are:

• Be suspicious of any message sent by a professional with whom you have not had any previous contact.
   
• Do not interact with these messages and delete them, especially if they contain attachments or links.
   
• Do not provide sensitive data (personal information, bank details and the like) and be wary if they request an urgent payment from you.
   
• Report it to us at the following email address: [email protected]
   
• Report to the authorities if you think you have been the victim of a scam or fraud.

Examples of phishing

• Sending communications impersonating a brand or identity informing of the commencement of legal proceedings of any kind (copyright infringements, fraud, inheritance, investments or fictitious legal procedures) so as to obtain the recipient's trust.
   
• Sending false invoices requesting payment into other bank accounts with the aim of appropriating the funds.
   
• Sending communications requesting a change of bank details (IBAN) for the purpose of rerouting the funds.
   
• Links to false websites or profiles on social media (LinkedIn, Instagram, TikTok or Facebook) impersonating an identity to obtain the trust of the individual receiving or viewing them.
   
• Impersonating the identities of professionals on WhatsApp or other messaging platforms to establish contact for unlawful aims.
   
• Making phone calls by impersonating the identities of professionals to give credibility to a preliminary communication sent to obtain the recipient’s trust.
   
• Sending false links from general purpose platforms (DocuSign, Workday, Salesforce, Adobe, among others) and impersonating an identity to harvest credentials.
   
• Publishing false job offers to obtain personal information or confidential information.