Phishing: "travel reimbursement" by Thomas Cook is aimed at sensitive data


Currently, the insolvent travel provider Thomas Cook warns of phishing emails. After the bankruptcy, fraudsters apparently want to scavenge sensitive customer data by requesting by e-mail a copy of the ID card or ID passport, including a recognizable name and the associated signature. To reimburse the "full travel expenses", full details of the credit card are required, including credit card number, validity, and the check number from the back.

Thomas Cook warns since Saturday on his homepage and on Twitter: "There is currently a nasty email scam: This email is declared as an official message from Thomas Cook with the subject: 'Important: refund of your Thomas Cook trip.' It queries sensitive data, such as passport and credit card information. " According to media reports, the e-mail lacks information such as booking numbers and names of those affected.

The emails seem to be sent indiscriminately. This and the missing customer and travel data in the emails do not indicate that customer data was taken from Thomas Cook. In the e-mail, the fraudsters request that the e-mail be forwarded to the contracting person for the travel booking if the recipient is not that person. Telephone inquiries should also be waived due to the high call volume.

Also on credit card information aims a phone action in connection with the Thomas Cook bankruptcy. Again, the fraudsters offer the reimbursement of travel expenses, such as daily mail reported, As part of the Second European Payment Directive (PSD2), which is intended to provide, inter alia, more security, the Federal Financial Supervisory Authority (BaFin) "temporarily" is not on the strong customer authentication. In addition to the credit card number and check digit, this requires an additional transaction number and password, which would make it significantly more difficult for the fraudsters.

Even before the start, the new PSD2 guideline was used to collect customer and bank data. For this purpose phishing emails were sent with the request to confirm the customer data for alleged conversion to the European security guidelines under threat of an "account freezing" on fake bank pages.


. (tagsToTranslate) Credit Card Fraud (t) PSD2 (t) Phishing (t) Phone Phishing (t) Thomas Cook