Scammers Use Spain-portugal Blackout For Tap Air Refund Phishing Scam

SEO: Cybercriminals are utilizing nan caller powerfulness outages successful Spain and Portugal to motorboat phishing attacks disguised arsenic TAP Air Portugal, aiming to bargain individual and financial data.

Cybersecurity researchers astatine Cofense Intelligence precocious uncovered a deceptive email run containing fraudulent messages designed to mimic charismatic communications from TAP Air Portugal, nan nationalist hose of Portugal.

This peculiar strategy exploited a important news event: nan wide powerfulness outage that affected some Spain and Portugal connected April 28, 2025. It is worthy noting that these malicious emails were distributed while nan disruption was still ongoing. This timing suggests nan perpetrators’ deliberate effort to return advantage of nan disorder and recreation disruptions caused by nan outage.

The clone email looked for illustration a morganatic email from TAP Air Portugal claiming that group could person money backmost for precocious aliases cancelled flights because of European aerial recreation rules. The email besides claimed nan money would beryllium deposited into their slope relationship wrong 2 days.

The email’s title prompted group to capable retired a shape for refunds, requiring victims’ personally identifiable accusation (PII), including names, addresses, interaction details, and delicate financial data. When clicked, users were directed to a clone webpage that appeared to beryllium a shape for refunds. However, erstwhile they clicked connected nan Submit button, thing happened, and their delicate individual and financial specifications were transferred to nan attackers.

The Fake Email (Source: Cofense)

Cofense Intelligence’s study reveals that this run was not constricted to a azygous connection arsenic nan threat actors targeted some Portuguese-speaking and Spanish-speaking individuals. This was evident successful nan usage of 2 chopped email taxable lines.

For Portuguese speakers, nan taxable statement publication “Atualização de compensação: atraso em seu voo recente,” translating to “Compensation update: hold successful your caller flight.” Simultaneously, Spanish-speaking targets received emails pinch nan taxable statement “Compensación por su vuelo: Complete su solicitud ahora,” meaning “Compensation for your flight: Complete your petition now.”

This multilingual attack underscores nan wide scope and observant readying of this phishing attack, researchers noted successful their blog post shared exclusively pinch Hackread.com.

Fake Refund Eligibility Form (Source: Cofense)

This run highlights really quickly cybercriminals tin utilization real-world events, for illustration nan powerfulness outage successful Spain and Portugal, to behaviour phishing attacks. By impersonating a trusted hose and promising compensation, they purpose to deceive users into revealing delicate individual and financial data. Everyone must stay alert and cautiously analyse immoderate unexpected emails, particularly those requesting individual accusation aliases financial details.