As millions across Europe faced a major blackout earlier this week, cybercriminals quickly seized the moment to launch a targeted phishing campaign aimed to steal personal and financial information.

According to a new report from Cofense Intelligence, a spoofed email campaign impersonating TAP Air Portugal, the Portuguese national airline, circulated widely during the April 28 outage. The phishing emails were sent out during the April 28 outage, making use of the ongoing crisis to increase their credibility.

Mail impersonating TAP Portugal

Written in both Portuguese and Spanish, the emails were titled “Atualização de compensação: atraso em seu voo recente” and “Compensación por su vuelo: Complete su solicitud ahora.” Both claimed the recipient was eligible for a refund in line with EU air passenger compensation regulations and encouraged them to fill out a form to receive money directly into their bank account.

Fake Refund Forms

Victims who clicked the link in the email were directed to a credential phishing page that closely mimicked TAP Air Portugal’s branding. The page asked users to input personally identifiable information (PII) along with their credit card details, under the guise of processing a refund for disrupted flights.

Fake refund Form

Cofense analysts noted that there was no redirection after users clicked the “submit” button, indicating that the main objective was simply to collect the submitted data. The phishing infrastructure was hosted on compromised WordPress domain—another common tactic used by cybercriminals to bypass security filters.

Conclusion

TAP Air Portugal has not released an official statement regarding the impersonation, and authorities have yet to identify the perpetrators behind the campaign. Cybersecurity experts are urging anyone who received a compensation related email this week to avoid clicking on suspicious links and to report any phishing attempts to the appropriate national cybersecurity agencies.

Source: hxxps[://]cofense[.]com/blog/spain-and-portugal-power-outages-spark-a-surge-in-phishing-attacks

Follow Cybersecurity88 on X and Linkedin for the latest cybersecurity news