Analysis of crime reports by the National Fraud Intelligence Bureau reveals that the hospitality sector is increasingly being targeted by criminals impersonating IT providers.
Typically, fraudsters will call restaurants and hotels purporting to be a representative of the company that provides their reservation or booking system. The criminals will try to convince the employee to reveal their login details, often under the guise that it’s required in order to complete an important software installation.
Once an attacker gains access to a business’ computer systems, they’ll steal any customer data they come across, this will often include databases of customer names and contact details. This data will then be used to perpetrate targeted phishing scams that are highly convincing. For example, victims have reported receiving calls from people impersonating a restaurant or hotel they have a reservation with. The caller requests a payment from the victim claiming that it’s required in order to confirm their reservation.
How to protect your business:
- Ensure that business accounts are protected using 2-step verification (2SV). This will help to prevent unauthorised access to your computer systems even if an attacker knows an employee’s login details
- Employees who communicate with your suppliers should be informed of what types of information a supplier will and won’t ask for. For example, a supplier will never ask for an employee’s password. Staff should be encouraged to speak with a supervisor if they’ve received a request they’re unsure about.
- If you are a business, charity or other organisation which is currently suffering a live cyber attack (in progress), please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week.
For more advice on how to improve your business’cyber security in an affordable and practical way, please see the National Cyber Security Centre’s Small Business Guide
Recommended police services available to organisations in the hospitality sector:
Protect network: The Protect network leads the law enforcement response of protecting the public from being targeted in a cyber-attack and empowering individuals and organisations to protect themselves. There are staff across each local police force and Regional Organised Crime Unit (ROCU) in the United Kingdom to offer consistent advice.
Cyber Resilience Centre (CRC): There is a police-led, not for profit Cyber Resilience Centre in every region in England and Wales to help businesses better protect themselves against cyber threats. Each CRC offers flexible membership packages to suit the needs of all businesses with the Core Membership being free of charge. South East Cyber Resilience Centre Website
– Hampshire Alert –