
Airline-mimicking fraud | Kaspersky official blog

0
Medium
Phishing
Published: Wed Oct 08 2025 (10/08/2025, 11:00:25 UTC)
Source: Kaspersky Security Blog

Description

Scammers are sending emails purporting to be from major airlines and airports, trying to swindle money by demanding refundable deposits.

AI-Powered Analysis

Last updated: 10/08/2025, 11:08:35 UTC

Technical Analysis

This threat involves a sophisticated phishing campaign where attackers impersonate employees of major airlines and airports such as Amsterdam Schiphol, Emirates Airlines, Etihad Airways, Lufthansa, and Qatar Airways. The attackers send initial emails announcing a new partnership program, aiming to engage recipients in a seemingly legitimate business dialogue. Following initial contact, they provide fabricated but plausible documents like registration forms and non-disclosure agreements to build trust. These emails do not contain malicious attachments or links, making them harder to detect with traditional security tools.

The core of the scam is a request for a refundable deposit, typically several thousand dollars, purportedly to secure a priority spot for partnership consideration. The attackers promise to refund the deposit once the partnership is finalized, exploiting the victim's desire for business opportunities. The campaign also extends to companies in the oil and gas sector, indicating a broad targeting strategy.

Detection relies on scrutinizing sender email domains against official company domains and recognizing the unusual business practice of requiring deposits. The scam leverages social engineering without technical exploits, making it a challenge for automated defenses. The campaign has been active since September 2025, with thousands of emails detected and blocked by Kaspersky's solutions. The threat highlights the importance of verifying unsolicited business proposals through official channels and maintaining high employee awareness, especially in finance, sales, and procurement departments.

Potential Impact

For European organizations, this phishing campaign poses a significant financial risk through fraudulent money transfers. Companies engaged in procurement, sales, or partnerships with airlines, airports, or related sectors may be targeted, potentially leading to direct monetary losses. The social engineering nature of the attack can also erode trust within business communications and damage reputations if fraudulent transactions become public. Small and medium enterprises may be particularly vulnerable due to less mature security awareness and controls. The absence of malware or technical exploits means traditional endpoint protections offer limited defense, increasing reliance on human vigilance and email security gateways. Additionally, the campaign's use of well-known European airline brands increases the likelihood of targeting organizations within Europe, potentially disrupting legitimate business operations and causing financial and operational setbacks. The psychological impact on employees and the potential for follow-up attacks exploiting compromised trust relationships also represent secondary risks.

Mitigation Recommendations

Implement advanced email filtering solutions at the corporate gateway that can detect and quarantine phishing attempts based on sender domain anomalies and suspicious content patterns. Conduct targeted security awareness training for finance, procurement, and sales teams emphasizing the identification of social engineering tactics, especially unusual payment requests and verification procedures. Establish strict internal protocols requiring independent verification of unsolicited partnership offers by contacting companies through official channels listed on their verified websites. Deploy multi-factor authentication and strict access controls for financial transaction approvals to prevent unauthorized fund transfers. Encourage a culture of skepticism towards unsolicited business proposals involving upfront payments, and maintain updated contact lists of legitimate partners to cross-check suspicious communications. Utilize automated security awareness platforms, such as Kaspersky's Automated Security Awareness Platform, to provide continuous and measurable employee training. Regularly review and update incident response plans to include procedures for handling suspected phishing fraud. Monitor financial transactions for unusual patterns that may indicate fraudulent activity related to such scams.
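The sender-domain check named under Technical Analysis and the gateway filtering recommended above can be sketched as follows. This is an added example, not code from Kaspersky or from this feed; the brand-to-domain map, the deposit patterns, the `assess` function and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumed brand -> official domain map; confirm every entry against the
# company's verified website before using it in a filter.
OFFICIAL_DOMAINS = {
    "lufthansa": {"lufthansa.com"}, "emirates": {"emirates.com"},
    "etihad": {"etihad.com"}, "qatar airways": {"qatarairways.com"},
    "schiphol": {"schiphol.nl"},
}
# Wording of the deposit request (constructed patterns, tune on real mail).
DEPOSIT_RE = re.compile(r"refundable\s+deposit|deposit\b.{0,60}\brefund", re.I | re.S)

def is_official(domain, allowed):
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def assess(raw_message):
    """Return (verdict, findings) for one RFC 5322 message given as text."""
    msg = message_from_string(raw_message, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    from_dom = addr.rpartition("@")[2].lower()
    reply_dom = parseaddr(str(msg.get("Reply-To", "")))[1].rpartition("@")[2].lower()
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    text = " ".join([name, str(msg.get("Subject", "")), body]).lower()
    findings = []
    brands = [b for b in OFFICIAL_DOMAINS if b in text]
    # A brand is named, but the sender's domain belongs to none of the named brands.
    if brands and not any(is_official(from_dom, OFFICIAL_DOMAINS[b]) for b in brands):
        findings.append("brand_domain_mismatch")
    if reply_dom and reply_dom != from_dom:
        findings.append("reply_to_differs")
    if DEPOSIT_RE.search(body):
        findings.append("deposit_request")
    # Impersonation plus an upfront-payment ask is the pattern described above.
    if {"brand_domain_mismatch", "deposit_request"} <= set(findings):
        return "quarantine", findings
    return ("review" if findings else "pass"), findings

# Constructed sample: sender domain and wording are invented for illustration.
SAMPLE = (
    "From: Lufthansa Partnerships <partners@lufthansa-vendors.example>\n"
    "Subject: New partnership program\n\n"
    "To secure a priority spot we require a refundable deposit of several\n"
    "thousand dollars, returned once the partnership is finalized.\n"
)

if __name__ == "__main__":
    print(assess(SAMPLE))
```

Because the first email in the chain only announces the partnership program, a domain mismatch without a deposit request is routed to review rather than passed.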


Technical Details

Article Source
{"url":"https://www.kaspersky.com/blog/airline-brands-scheme/54539/","fetched":true,"fetchedAt":"2025-10-08T11:08:22.712Z","wordCount":1062}

Threat ID: 68e646267ee77265a9118015

Added to database: 10/8/2025, 11:08:22 AM

Last enriched: 10/8/2025, 11:08:35 AM

Last updated: 10/9/2025, 11:52:10 AM
