Home > Security > Security News

Hackers Impersonate TAP Air Portugal in Phishing Emails Offering Canceled Flights Compensation

Published
Written by:
Lore Apostol
Lore Apostol
Cybersecurity & Streaming Writer
airline_onboard

Cybercriminals have once again capitalized on real-world disruptions, leveraging the widespread power outage that affected Spain and Portugal on April 28, 2025, to launch a sophisticated phishing campaign

Security researchers at Cofense Intelligence have revealed that malicious actors orchestrated a deceptive email campaign impersonating TAP Air Portugal, the national airline of Portugal. These fraudulent emails claimed to offer compensation for delayed or canceled flights due to the blackout.  

The phishing emails mimicked legitimate TAP Air Portugal communications, promising a refund credited directly to victims' bank accounts within two days. 

Email campaign spoofing TAP Air Portugal offering a tax refund due to cancelled flights
Email campaign spoofing TAP Air Portugal offering a tax refund due to cancelled flights | Source: Cofense

Users were directed to click a link that led to a counterfeit refund form, requesting personally identifiable information (PII) such as names, addresses, contact numbers, and banking details.  

Upon clicking the submit button on the fraudulent form, victims' sensitive information was harvested by attackers. Notably, the fake webpage displayed no confirmation of submission, leaving users unaware of the data theft.  

The credential phishing page purports to be a refund eligibility form
The credential phishing page purports to be a refund eligibility form | Source: Cofense

The campaign exhibited a multilingual approach to maximize its reach, targeting both Portuguese-speaking and Spanish-speaking individuals, with emails including subject lines like “Compensation update: delay in your recent flight” and “Compensation for your flight: Complete your request now.”

By aligning their attacks with real-world incidents like a major blackout, scammers manipulate victims' sense of urgency and trust, coaxing them into responding to fraudulent solicitations.  

Additionally, the carefully timed launch during the ongoing power outage created an environment of confusion and distraction, making recipients less likely to question the legitimacy of the emails. 

Add a Comment
Related
Take it Down Act for DeepFake NCII
‘Take It Down Act’ Moves Closer to Becoming Law Amid Free Speech Suppression Concerns
hospital
Ascension Health Data Breach Exposes Patient Information for the Second Time in a Year
Enhanced StealC Version 2.0 Targets Crypto Wallets, VPNs, Gaming Apps, Browsers
Outlaw Botnet Targets Linux Systems, Exploiting Weak or Default SSH Credentials
Novel Grinex Platform Allegedly Linked to Sanctioned Garantex Crypto Exchange
Perplexity AI’s New Browser Collects User Data for Advertising Purposes, Raises Privacy Concerns
Most Popular
The Fantastic Four
Thunderbolts: Does the Post-Credits Scene spoil the Ending of The Fantastic Four film?
Take it Down Act for DeepFake NCII
‘Take It Down Act’ Moves Closer to Becoming Law Amid Free Speech Suppression Concerns
Thor and The Void
Thunderbolts Easter Eggs: Major MCU and Marvel Comics References You Might’ve Missed
Another Simple Favor
Blake Lively's Another Simple Favor Ending Explained: Twists, Murders, and the Mafia
hospital
Ascension Health Data Breach Exposes Patient Information for the Second Time in a Year
Enhanced StealC Version 2.0 Targets Crypto Wallets, VPNs, Gaming Apps, Browsers
Thunderbolts: Does the Post-Credits Scene spoil the Ending of The Fantastic Four film?
‘Take It Down Act’ Moves Closer to Becoming Law Amid Free Speech Suppression Concerns
Thunderbolts Easter Eggs: Major MCU and Marvel Comics References You Might’ve Missed
Blake Lively's Another Simple Favor Ending Explained: Twists, Murders, and the Mafia
Ascension Health Data Breach Exposes Patient Information for the Second Time in a Year
Enhanced StealC Version 2.0 Targets Crypto Wallets, VPNs, Gaming Apps, Browsers

Most Popular
The Fantastic Four
Thunderbolts: Does the Post-Credits Scene spoil the Ending of The Fantastic Four film?
Take it Down Act for DeepFake NCII
‘Take It Down Act’ Moves Closer to Becoming Law Amid Free Speech Suppression Concerns
Thor and The Void
Thunderbolts Easter Eggs: Major MCU and Marvel Comics References You Might’ve Missed
Another Simple Favor
Blake Lively's Another Simple Favor Ending Explained: Twists, Murders, and the Mafia
hospital
Ascension Health Data Breach Exposes Patient Information for the Second Time in a Year
Enhanced StealC Version 2.0 Targets Crypto Wallets, VPNs, Gaming Apps, Browsers
Thunderbolts: Does the Post-Credits Scene spoil the Ending of The Fantastic Four film?
‘Take It Down Act’ Moves Closer to Becoming Law Amid Free Speech Suppression Concerns
Thunderbolts Easter Eggs: Major MCU and Marvel Comics References You Might’ve Missed
Blake Lively's Another Simple Favor Ending Explained: Twists, Murders, and the Mafia
Ascension Health Data Breach Exposes Patient Information for the Second Time in a Year
Enhanced StealC Version 2.0 Targets Crypto Wallets, VPNs, Gaming Apps, Browsers

TechNadu keeps you informed with the latest in cybersecurity, VPNs, streaming, and technology. From expert guides to in-depth reviews, we provide the knowledge you need to stay secure and connected in the digital world.

© 2025 TechNadu. All Rights Reserved. TechNadu is a part of Leaprove Media LLP.

Close lightbox
Facebook
Twitter
Linkedin
Reddit
Email
Copy Link
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: