Credit Card Fraud and the Latest Hacking Epidemic


If you’ve been following news in the hospitality industry, you may have noticed the recent widespread scandal involving hacked hotels. There are a lot of different ways to hack a hotel and, have no doubt, the hackers are getting creative but by far the biggest problem is their recent fixation on customer information. Trump hotels, the several Hyatts, and over a thousand Holiday Inn locations were hacked with credit card and client personal information stolen by hackers for inevitable use in future frauds.

In many cases, this information won’t be used immediately but rather sold to the highest bidder, much in the same way some marketers buy email lists. However, even if you’re not a hotel, you cannot assume your system or customer information is safe from the most recent hacking epidemic. In fact, this problem has been going on for years and it took a big-name hotel scandal to make businesses actually pay attention to the mounting cybersecurity risks.

All Merchants are Fair Game

Remember back in the days when most malware was really just adware which would junk up your screen and slow your computer, but not actually hurt anything? Those days are long gone. Hackers aren’t just looking to annoy you or trick you into buying bad foreign viagra. They want to make a buck and have decided they don’t care who it hurts. Just as hospitals have been held hostage with ransomware just to get a few BitCoins, hackers seeking credit card numbers have been known to target any company that processes credit cards (ie: almost everyone). While they prefer the big fish, sometimes smaller businesses are targeted because it’s believed they’ll have less cybersecurity established and be easier pickings.

Guest Wifi Intrusion

Among the normal malware intrusion techniques like worms and phishing, two distinctly new methods have been discovered during the investigation of the hotel hacks. The first one is how hackers have been getting into company networks through wifi provided for the guests. Whether you’re a hotel or just a trendy restaurant with a wifi zone, this news is incredibly important.

Some hackers have figured out how to compromise guest wifi systems in order to either plant malware on the company network or to spy on the work of other guests who may have been targeted for the purpose. In either case, if your business offers guest wifi you will want to talk to the head of your IT security team about hardening your wifi system to prevent this kind of hack.

Watch Out for Pushy Vishing Hackers

The second new tactic is even more difficult to prepare for because it involves some very clever (and pushy) social engineering. Most modern staff members know not to surf the internet or open attachments in emails from unknown senders, but what if the hacker is pretending to be a customer? Several hotels were infected by hackers who would call in pretending to be someone having trouble booking online.

When the hotel employee on the phone offers to book them manually, the customer insists on sending their personal information via email in, you guessed it, an attachment. If the staff member tried to dodge this trap, the ‘customer’ would get irate and insist that the email be opened, sometimes refusing to get off the phone until the infected attachment was clicked. To defend against this kind of attack, it’s time to warn every staff member about cyber safety policies and you may want to integrate email scanning and a safe file sharing platform in order to ensure that this trick cannot work on your staff, even the new hires.

Hackers are getting more malicious every year and their tactics less and less honorable. Where once hackers were split between the silly nuisances and the truly dangerous, with open sourced viruses and a cultural shift toward brutal grabs for money, malware is no longer a laughing matter. To protect your business from lawsuits and your clients from credit card and identity theft, there’s never been a better time to improve your cybersecurity and consider looking into PCI security standards. For more news and information on cybersecurity, contact us today!