New wave of phishing attempts reported by the Postal Police following reports received over the course of these weeks: scammers send messages via email or WhatsApp to those who have booked trips on online platforms, posing as the platform or agency used to book and claiming that the payment for the trip was not successful. At that point, having obtained the attention of his victim, the criminal “drops the ace” by asking for a new urgent deposit into a different account. Let’s see how to recognize this scam and what to do to defend yourself.
How the scam against those who booked trips online works
The scam starts with receiving a message that arrives on WhatsApp or via email. In the message in question, the cyber criminals refer to very specific details regarding the booking of a trip actually made by the contacted user. As explained by the Postal Police «the victim has actually made a booking and the amount indicated in the fraudulent message corresponds exactly to the amount agreed with the agency or platform. This element makes communication particularly credible and insidious».
This makes the phishing attempt potentially effective. In addition to giving the communication a certain aura of credibility, the bad guys also trigger feelings of urgency in potential victims by claiming that the amount already paid «is not accredited» or what is «under review», two expressions deliberately vague but compatible with real administrative procedures. This, combined with the fact that the exact amount of the booking is referred to, could lead the contacted user to trust the message and make a new payment to avoid losing the travel booking.
Urgency, as is often the case with phishing, is a key element: it reduces the time spent on verification and increases the likelihood of impulsive decisions. From a technical point of view, the most relevant signal is the request to send the money to a current account other than the official one. This change of bank details, although justified in the message, is incompatible with the standard procedures of structured travel platforms and serious travel agencies.
What to do to defend yourself
To defend yourself from scams, you must first be able to distinguish legitimate communications coming from the booking platform or travel agency you have contacted from fraudulent messages coming from cyber criminals. In addition to this, you must then follow the instructions provided by the Postal Police itself by not making further payments, not clicking on any links in the messages and contacting the customer service of the platform or agency you turned to via the various official contacts available.
In the event that you have already fallen victim to this scam, notify your bank to see if there is the possibility of blocking the operation and, obviously, report the incident to the Postal Police, using this form.
