Two Arrested After €14,000 in Fraudulent Travel Bookings in Santa Maria da Feira
Portugal's Judicial Police have arrested two individuals in Santa Maria da Feira following unauthorized access to a travel agency account that resulted in over €14,000 in fraudulent bookings. The suspects face charges under Portuguese cybercrime laws.
What Happened
The Polícia Judiciária (PJ) launched an operation in the Aveiro district municipality after reports that a local travel agency's corporate account had been breached. The suspects gained unauthorized access to the booking system and made multiple reservations for flights, accommodation, cruise packages, and theme park admissions without authorization.
The fraudulent transactions exceeded €14,000. Both individuals have been formally charged as arguidos (defendants) under Portugal's cybercrime laws, specifically for acesso ilegítimo (unauthorized access) and burla informática e nas comunicações (computer and communications fraud). These offenses carry potential prison sentences under Portuguese criminal law.
Common Methods in Travel Agency Fraud
While the specific method used in this case has not been disclosed, travel agencies are typically targeted through common cybersecurity weaknesses. Phishing campaigns, where fraudsters send deceptive emails to employees, remain a frequent entry point. Credential stuffing—using leaked passwords from previous breaches—is another tactic. Industry experts also note that weak access controls and outdated security systems can leave agencies vulnerable.
What This Means for Residents
Anyone who has recently booked travel through the affected Santa Maria da Feira agency should monitor their bank statements and credit reports for unusual activity. If you receive unexpected booking confirmations or requests to verify account details you didn't initiate, contact the agency directly before responding.
For travelers more broadly, book only through verified platforms with secure payment systems (indicated by HTTPS and padlock icons). Enable two-factor authentication on all travel-related accounts, including airline and hotel loyalty programs.
For Travel Businesses
Travel agencies and tour operators should prioritize cybersecurity measures, including access control policies that limit system credentials to employees who need them, regular security audits, and staff training on recognizing phishing attempts. Reporting suspected attacks to the Polícia Judiciária's cybercrime unit or the National Cybersecurity Center (CNCS) is essential.
Investigation Status
The Polícia Judiciária has not disclosed whether the suspects are part of a larger criminal network or if additional arrests are anticipated. The case remains under judicial secrecy, a standard practice in Portuguese criminal proceedings.
The Portugal Post in as independent news source for english-speaking audiences.
Follow us here for more updates: https://x.com/theportugalpost
Portuguese banks avoided €225M cartel fines via prescription. If you had loans 2002-2013, you may be covered by €5.4B class action for compensation.
INTERPOL Red Notices now actively enforced at Lisbon Airport with arrest rates up 34%. Essential guide for residents and travelers on border security changes.
Police detained 235 drivers in Portugal’s Christmas traffic blitz, leaving 2 dead and 14 injured. Learn how to avoid fines and stay safe on the roads.
A €3M prescription scam in Porto exposes flaws in Portugal’s SNS. New e-prescription checks and real-time alerts aim to stop fraud—learn how to protect your medication records.