New wave of phishing attempts reported by Postal Police following reports received over the course of these weeks: scammers send messages via email or WhatsApp to those who have booked trips on online platforms, pretending to be the platform or agency used to book and claiming that the payment for the trip was unsuccessful. At that point, having obtained the attention of his victim, the criminal “drops the ace” by asking for a new urgent payment on a different account. Let’s see how to recognize this scam and what to do to defend yourself.
How the scam against those who booked trips online works
The scam starts with receiving a message that arrives on WhatsApp or via email. In the message in question, the cyber criminals refer to very specific details regarding the booking of a trip actually made by the contacted user. As explained by the Postal Police «the victim has actually made a booking and the amount indicated in the fraudulent message corresponds exactly to the amount agreed with the agency or platform. This element makes communication particularly credible and insidious».
This makes the phishing attempt potentially effective. In addition to giving communication a certain aura of credibilitythe bad guys also trigger feelings of urgency in potential victims claiming that the amount already paid «is not accredited» or what is «under review», two expressions deliberately vague but compatible with real administrative procedures. This, combined with the fact that reference is made to the exact amount of the reservationcould lead the contacted user to trust the message and make a new payment to avoid losing the travel booking.
Urgency, as is often the case with phishing, is a key element: it reduces the time spent on verification and increases the likelihood of impulsive decisions. From a technical point of view, the most relevant signal is the request for send the money to a current account other than the official one. This change of bank details, although justified in the message, is incompatible with the standard procedures of structured travel platforms and serious travel agencies.
What to do to defend yourself
To protect yourself from scams, you must first know distinguish legitimate communications coming from the booking platform or travel agency you contacted from scam messages coming from cyber criminals. In addition to this, you must then follow the instructions provided by the Postal Police themselves by not making further payments, by not clicking on any links present in messages and by contacting the platform or agency’s customer service who were contacted through the various official contacts available.
In the event that you have already fallen victim to this scam, notify your bank to see if there is the possibility of blocking the operation and, obviously, report the incident to the Postal Police, using this form.
