Rising Cyber Scams In The Hospitality Industry: Threats And Prevention

The operations of hospitality are embedded deeply with modern technologies. Whether it is guest services, daily operations or revenue management, every segment of business in hotels is utilizing technology. Such is the impact of technology that we may find it impossible to imagine hotels without technology. The combined operation of any property is possible due to various technological products working in synchronization with each other. While it is an amazing feat it also makes hotel cyber security susceptible to vulnerabilities, as many of those components are being managed by different vendors and may present some loophole in case of any cyber-attack.

Recent years have seen a lot of threats to the hospitality technology security as we have seen a surge in targeted attacks on various hotels’ technology infrastructure to obtain sensitive information that generally hotels store on their systems. These attacks range from all out hacking attacks to phishing attempts and various ways to scam gullible hotel staff or even guests.

Various scamming activities have been reported in the hospitality industry in recent past, scammers have resorted to obtaining sensitive information from hotels by contacting their staff under false pretenses, and unfortunately sometimes have been successful in achieving their malicious purposes. Due to growing awareness in cyber security, the hospitality industry has spent a lot of time and money in improving their technology infrastructure security but scammers have also varied their tactics and are trying to come up with new creative ways to scam the property staff into providing them access to their systems.

Some of the common methods the scammers deploy to gain access to hotel servers involves unsolicited calls by the scammers and posing as a representative of some vendor or some other party such as:

Posing As An IT Support Agent

This scam involves in scammer placing an unsolicited call posing as a representative of the IT vendor or any other vendor and asks to be transferred to any other sections such as F&B (Foods and beverages) etc. After transferring the fraudster claims to be performing an upgrade and tries to obtain details regarding guests and hotel rooms etc. The scammer will then place another call to the front desk and will ask to be transferred directly to the guest, the attacker will then pose as a hotel representative and try to obtain credit card information or personal information from the guest citing any reason such as balance payments or refunds.

Impersonating OTA Agent

This involves in scammer sending an email posing as an OTA (online travel agency) and claiming that a guest needs help such as directions to the hotel. The scammer that asks hotel to contact the guest directly on email or any other service. When hotel contacts the “guest” they send a file or a link in the guise of google maps screenshot or any such file but in fact is a malicious malware. If the hotel downloads or open these files that can potentially install malware or virus on the hotel’s system that can be used to access sensitive information.

Claiming To Perform IT Maintenance Or Upgrades

A fraudster claiming to be representative of IT company contact the property mostly at very late or early hours an asks hotel staff to provide remote access to perform maintenance or upgradation activity. The scammer may ask the staff to access a website and download a file claiming to be remote access program. The file contains malicious software that scammers can use to access the data of the hotel.

How To Avoid These Scams

The foremost action that hotels need to take is to ensure that their staff is trained properly in handling the vendors and other such matters and educate them on proper channels to contact their vendors. Also, the hotel staff should be trained to filter out such scammers on unsolicited calls. The staff training is paramount to ensure that a hotel is not affected by any such scams. Hotels also need to upgrade their security systems and infrastructure to prevent any such attempts.