Spain and Portugal Power Outages Spark a Surge in Phishing Attacks
By: Marie Mamaril, Intelligence Team
Cofense Intelligence has seen an email campaign spoofing TAP Air Portugal, the Portuguese national airline. This specific campaign takes advantage of a headline about the April 28, 2025 nationwide power outage that occurred in Spain and Portugal. The emails were received while the power outage was ongoing.
The link embedded in the email directs to a credential phishing page designed to steal victims’ personally identifiable information (PII) and credit card details. The campaign appears to target both Portuguese-speaking and Spanish-speaking victims with two separate email subject lines (“Atualização de compensação: atraso em seu voo recente”, “Compensación por su vuelo: Complete su solicitud ahora”).
Email Content
As seen in the email in Figure 1, the email is mimicking TAP Air Portugal official communication that informs the victim that they may be eligible for a refund due to the EU’s “Air Passengers Rights Regulation” and that compensation will be directly transferred to their account within 2 working days. The subject lines prompt the user about a flight compensation form that needs to be filled out. However, the spoofed refund form asks for the recipient’s credit card details.
Figure 1: Email campaign spoofing TAP Air Portugal offering a tax refund due to cancelled flights.
Credential Phishing Page
Victims are prompted to provide sensitive information and credit card details on the credential phishing page under the guise of refunds for delayed and cancelled flights. This is related to news headlines about flights being cancelled due to the power outage.
Upon clicking the submit button, there is no further redirect page which suggests that the threat actor’s objective is simply to harvest the submitted data. The domains used in this campaign appear to be compromised WordPress sites.
Figure 2: The credential phishing page purports to be a refund eligibility form.
*** This is a Security Bloggers Network syndicated blog from Cofense authored by Cofense. Read the original post at: https://cofense.com/blog/spain-and-portugal-power-outages-spark-a-surge-in-phishing-attacks
