It’s official: hackers are checking into hotel systems. Have you been phished[1]?
Criminals are after your data so they can steal credentials and turn them into money, and this time the gang associated with these attacks appears to be the same one that took USD 1 billion from banks.
So how do they do it?
The first step is not hacking a computer but social engineering[2] of a person![3]
Step 1 – The hotel reservation desk receives a phone call from someone posing as a guest. They say they are having a problem confirming a reservation and ask whether the desk can help.
Step 2 – The caller says they have details about the reservation and asks for an email address so they can send them to the reservation desk.
Step 3 – The caller emails the reservation desk with an attachment. Staff open the attachment, which installs malicious software (‘malware’). The malware searches the system for the sensitive information the caller is after and downloads further malware tools to help it.
Step 4 – The hotel system is now compromised and sends the attacker the information they wanted. The malware can remain on the system so the attacker can collect future reservation data as well.
The phone call is the key to the attack: because staff are now expecting an email from the ‘guest’, the attachment does not look unsolicited, and the usual caution about unexpected attachments is switched off.
While this story was about a hotel chain, the same approach can be used against many other businesses, and it is called a ‘phishing scam’. There are different types of phishing, depending on the intended victim: bulk phishing sends the same lure to many people, while an attack aimed at a particular person or organisation, as in this story, is usually called spear phishing.
Help me protect myself from a Phishing Scam!
All staff should be trained on how to spot a potential scam. That training should cover treating attachments with suspicion even when a phone call has primed you to expect an email; verifying a caller’s story through a number or booking reference the hotel already holds rather than details the caller supplies; reporting suspicious messages to IT or the security team rather than simply deleting them; and limiting what is posted on social media, such as vacation plans, phone numbers and home addresses, because attackers use exactly those details to make their pretext convincing.
[1] The fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers. Example: “an email that is likely a phishing scam”.
[2] (In the context of information security) the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.