Hotels around the world at risk: phishers play on employees' pity to steal their personal data

Brother

Why can't you trust dissatisfied customers?

Sophos has identified a global phishing campaign targeting hotel employees around the world. Attackers send malicious emails while posing as disgruntled guests. The goal is to steal passwords to gain access to confidential hotel data.

Emails are sent on behalf of clients who have allegedly encountered problems during their stay. These can be a wide variety of complaints, from suspicions of poisoning to accusations of inattentive treatment of people with disabilities.

Cybercriminals carefully create cover stories to inspire empathy among employees and gain their trust. For example, emails were found that purported to come from a person who had left a camera with photos of a deceased relative in the room.

As soon as the hotel representative responds to such a message, requesting additional details, the scammers respond with a new email. It contains links to documents confirming their complaint – contracts, receipts, medical reports, etc.

In fact, the links lead to cloud storage sites such as Google Drive, Mega, or Dropbox. The archived files hosted there contain malicious software. The message text also contains a password for accessing these archives.

Sophos researchers note that the attackers use advanced social engineering techniques and are extremely adept at manipulating victims by playing on their emotions.

A similar pattern of attacks has already been used against US tax firms. In that case, too, the scammers sent phishing emails before the deadline for filing returns.

Sophos experts urge hotel employees to be vigilant and not to open suspicious files from unknown sources. Pay close attention to any non-standard requests, especially if they contain links or attachments.

Cybercriminals can steal confidential customer data, including payment details. This will lead to financial losses for hotel owners, as a lot of money will be spent on compensation and, if necessary, restoration of broken systems.

In addition, access to employees' correspondence will allow attackers to track their plans and actions. They will be able to use the information obtained in this way in further attacks, for example, for targeted phishing of specific employees.

Hotels in the US, UK, Germany, Italy and Spain are most often affected. However, phishing mailings are conducted all over the world in different languages.

To protect themselves, experts recommend that companies conduct regular training in cyber hygiene and threat recognition.
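
The follow-up email described above (an external sender replying with a link to a file-sharing service and the archive password in the message text) is a combination a mail gateway can check for. The sketch below is an added example, not part of the original post or of Sophos's research; the host list, the function names, the `hotel.example` domain and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Hosts for the services named in the article; the list is an assumption to extend.
SHARE_HOSTS = ("drive.google.com", "mega.nz", "dropbox.com")
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)
# A password handed over in the body: "Password: x", "passcode is x", "pwd=x".
PW_RE = re.compile(r"\b(?:password|passcode|pwd)\s*(?:is\b|:|=)\s*\S{3,}", re.I)

def body_text(msg):
    """Concatenate every text/* part of a parsed message."""
    out = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            out.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(out)

def share_links(text):
    """URLs whose host is, or is a subdomain of, a file-sharing host."""
    hosts = [(u, (urlparse(u).hostname or "").lower()) for u in URL_RE.findall(text)]
    return [u for u, h in hosts if any(h == s or h.endswith("." + s) for s in SHARE_HOSTS)]

def triage(raw, internal_domain):
    """Flag an inbound message that matches the follow-up email pattern."""
    msg = message_from_string(raw)
    text = body_text(msg)
    links = share_links(text)
    has_pw = PW_RE.search(text) is not None
    sender = parseaddr(msg.get("From", ""))[1].lower()
    external = not sender.endswith("@" + internal_domain)
    reply = bool(msg.get("In-Reply-To")) or msg.get("Subject", "").lower().startswith("re:")
    # Hold only the full combination; a link or a password alone is routine mail.
    return {"hold": external and bool(links) and has_pw, "reply": reply, "links": links}

# Constructed sample message (not taken from the campaign).
LURE = """From: Guest <guest@mail.example>
Subject: Re: Complaint about my stay
In-Reply-To: <constructed-1@hotel.example>

The receipts and the medical report are here:
https://www.dropbox.com/s/CONSTRUCTED/documents.zip?dl=0
Password: 123456
"""
```

Calling `triage(LURE, "hotel.example")` returns `hold` set to true; a held message can be routed to a reviewer who opens the archive in an isolated sandbox rather than on a front-desk workstation.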