The National Fraud Intelligence Bureau reports that businesses in the hospitality sector are being targeted by criminals impersonating IT providers.
Typically, fraudsters will contact restaurants/hotels and claim to be from the company that provides their reservation or booking system. They try to convince the employee to reveal their login details, often under the guise that it’s required in order to complete an important software installation.
Once an attacker gains access to the business’ computer systems, they steal any personal data they come across, including databases of customer names and contact details. This data is then used to commit further scams, for example, victims have reported receiving calls from people impersonating a restaurant or hotel they have a reservation with. The caller requested a payment, claiming it was required to confirm their reservation.
Protect your business:
• Ensure that business accounts are protected using 2-step verification (2SV). This will help prevent unauthorised access even if an attacker knows an employee’s login details.
• Inform employees about types of information a supplier will and won’t ask for. Eg. a supplier would never need an employee’s password. Staff should inform a supervisor if they receive a request they’re unsure about.
• If you are a business or other organisation currently suffering a live cyber attack (in progress), please call 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week.
• For advice on how to improve your business’ cyber security in an affordable and practical way, please see the National Cyber Security Centre’s Small Business Guide at www.ncsc.gov.uk/collection/small-business-guide