Scams targeting hospitality sector

25.01.23

Threat Intelligence Alerts

Information provided by the City of London Police has advised that analysis of crime reports by the National Fraud Intelligence Bureau reveals that the hospitality sector is increasingly being targeted by criminals impersonating IT providers.

Typically, fraudsters will call restaurants and hotels purporting to be a representative of the company that provides their reservation or booking system. The criminals will try to convince the employee to reveal their login details, often under the guise that it’s required in order to complete an important software installation.

Once an attacker gains access to a business’s computer systems, they’ll steal any customer data they come across, and this will often include databases of customer names and contact details. This data will then be used to perpetrate targeted phishing scams that are highly convincing. For example, victims have reported receiving calls from people impersonating a restaurant or hotel they have a reservation with. The caller requests a payment from the victim, claiming that it’s required to confirm their reservation.

Cyber Essentials: This scheme helps organisations guard themselves against the most common cyber threats and demonstrates a commitment to cyber security. Certification gives you peace of mind that your defences will protect against the vast majority of common cyber attacks simply because these attacks are looking for targets which do not have Cyber Essentials technical controls in place. It shows you how to address the basics and prevent the most common attacks.

The Scottish Business Resilience Centre (SBRC) has worked with Cyber Essentials Certifying Bodies based and operating in Scotland to support small and large organisations to focus on cyber hygiene and achieve Cyber Essentials or Cyber Essentials Plus. Find out more here.

Exercise in a Box: This is a product created by the National Cyber Security Centre and delivered by SBRC in Scotland. It’s a 90-minute non-technical workshop which helps organisations find out how resilient they are to cyber attacks and practice their response in a safe environment. Find out more here.

Early Warning service: Register (free) for the NCSC Early Warning (EW) service. EW is designed to help organisations defend against cyber attacks by providing timely notifications about possible incidents and security issues. The service automatically filters through trusted threat intelligence sources to offer specialised alerts for organisations so they can investigate malicious activity and take the necessary steps to protect themselves.

Board Toolkit: The NCSC Board Toolkit covers a range of cyber security topics, starting with an introduction to cyber security specifically written for board members. Other topics include understanding the threat, collaborating with suppliers and partners, and planning a response to a cyber incident. Each topic is filled with straightforward guidance and helpful questions that board members can ask their technical teams.

CiSP: Register (free) for the NCSC Cyber Security Information Sharing Partnership (CiSP). This is a secure online forum to exchange cyber security information in real-time, in a confidential and dynamic environment. Membership increases situational awareness through the sharing of threat assessments, advisories, alerts, and vulnerabilities.