A massive data leak affecting Ukrainians and Russians residing in Portugal has recently come to light, raising concerns about targeted vishing scams. The Association of Ukrainians in Portugal has lodged a formal complaint with the National Data Protection Commission (CNPD) after numerous immigrants reported receiving fraudulent phone calls. These calls, part of a sophisticated vishing operation, were made by individuals posing as inspectors from the Policia Judiciária (PJ), bank employees, or public prosecutors. They spoke in Russian and requested sensitive information such as bank account numbers. This alarming situation has prompted immediate action from both the association and affected individuals.
The president of the Association of Ukrainians in Portugal, Pavlo Sadokha, has revealed that the scam primarily targets Ukrainian immigrants, though it has also affected some Russian nationals living in Portugal. The fraudulent calls typically involve threats, aiming to extract financial details from the victims. Importantly, these intimidating calls avoid political topics, focusing solely on obtaining sensitive financial information. Though none of the victims appear to have succumbed to the scam so far, several have already filed police complaints. This prompted the Association of Ukrainians in Portugal to report the incidents to the CNPD, suspecting a significant data breach that facilitated the scammers.
The Scope of the Data Leak
Sadokha has suggested that the targeted individuals share a common trait—they are of Ukrainian origin—but they are not necessarily connected through specific social media groups. This observation indicates that the data breach could involve bulk personal data, including phone numbers, names, and possibly nationalities. Disturbingly, some of the individuals targeted by the scammers do not have their contact details registered in the association’s database. This hints at the possibility that the leaked data might be tied to more widespread social media platforms commonly used by immigrants residing in Portugal.
An essential aspect of combating this scam is tracing the source of the data breach. The unexplained appearance of personal information on such a large scale suggests that the compromised data could have come from multiple sources. It could involve social media platforms, online databases, or even data sold in underground markets. If the data breach isn’t pinpointed and addressed effectively, it leaves the immigrant community at a continuous risk of more sophisticated and possibly more harmful cyber attacks. For many, the initial reaction is one of shock, but as the pieces come together, it becomes clear that a more profound, systemic security issue needs to be resolved.
Previous and Current Advisory Measures
The PJ had already dealt with a similar vishing scam in English during the summer of 2023. Drawing from the experience, authorities have been advising the public against providing personal information or complying with instructions from such suspicious calls. The PJ also recommends recording the suspect number and promptly contacting police authorities to report the calls. These precautionary measures are crucial in containing the current wave of vishing scams and preventing even more individuals from falling victim to them.
Complementing the PJ’s guidance, the National Cybersecurity Commission’s (CNCS) good practice guide, accessible on its official website, offers further advice on protecting oneself from potential cyber threats. The CNCS guide instructs individuals not to click on attachments or links in suspicious emails or messages and to avoid sharing any sensitive data with unverified sources. These comprehensive measures form part of a broader strategy to cultivate public awareness and elevate the general level of cyber hygiene among immigrant communities, especially those particularly susceptible to targeted attacks.
Future Actions and Community Responses
A significant data breach affecting Ukrainians and Russians in Portugal has come to light, sparking concerns over vishing scams. The Association of Ukrainians in Portugal has filed a formal complaint with the National Data Protection Commission (CNPD) following reports of fraudulent phone calls to immigrants. These calls are part of an elaborate vishing scheme where the scam callers pretend to be inspectors from the Policia Judiciária (PJ), bank employees, or public prosecutors, speaking in Russian. They ask for sensitive information like bank account numbers. This situation has led to immediate action from both the association and the victims.
Pavlo Sadokha, president of the Association of Ukrainians in Portugal, stated that the scam mainly targets Ukrainian immigrants, though some Russian nationals in Portugal have also been affected. The fraudulent calls are threatening and aim to extract financial details from victims, steering clear of political topics. So far, none of the victims have fallen for the scam, but several have filed police complaints. This spurred the Association of Ukrainians in Portugal to report the scam to the CNPD, suspecting that a major data leak enabled the fraudsters.
