Skip to main content

Revealed: the secret cyber scams targeting the hospitality sector

(Image credit: Image Credit: Gustavo Frazao / Shutterstock)

With the freedom of wireless, comes the menace of wireless threats. We’re all aware of the risks around customer data theft in the hospitality industry. But the fact that such a wide range of sensitive information is held by hospitality firms — everything from credit card details to car registration numbers — hasn’t gone unnoticed by cybercriminals who use every trick in the book to hack into hotel computer systems.

What doesn’t tend to get so much airtime is what hackers do with all this information once they’ve stolen it. A quick trawl of the internet, including its murkier corners known as the dark web, however, reveals how criminals make money from this patchwork of stolen customer data.

One of the biggest scams employed by organised crime gangs is to use hacked data to set up what are effectively dark web travel agencies. A recent report by reveals how these illegal agencies use a wide range of stolen data to sell super-cheap holidays which can include five-star hotel stays, business-class flights, restaurant meals, shopping, entertainment and guided tours.

Seriously out of pocket

Hackers often offer discounts of more than 70 per cent thanks to hacked customer loyalty point accounts, employee discount schemes and credit card details, leaving law-abiding customers and businesses seriously out of pocket.

These black-market travel agents can be found on dark web market places such as Dream Market, with threads written predominantly in Russian, English and Arabic. Even where these market places are closed down, given the demand, new dark web sites rapidly spring up.

Typically, the travel agents advertise their prices along with other information such as how many days in advance of travel the client can book. Some underground travel agencies offer all-inclusive services, with flights, hotels, and taxis all covered by one price.

Most of the adverts for these agencies are highly designed with images portraying what some may consider the high life: attractive people, fast cars, speed boats and international landmarks. Once a customer contacts a black-market agent they are most likely directed to a messaging app where a service agent or bot will discuss hotel and travel arrangements.

Dark web travel agents

A common method is to provide the agent with a screen shot from a hospitality aggregation site such as Trivago, with all the necessary hotel check-in and check-out dates added. The agent then uses stolen data to secure a hugely discounted stay and adds a commission for themselves. Another method is to sell hacked loyalty points, so the customer can make the booking themselves.

As you can imagine all of these transactions are carried out using fake identities, which are also readily available on the dark web, and bitcoin to ensure the buyer remains anonymous.

Buyers’ attempts to remain anonymous don’t always work, however. In May 2019 British hacker Grant West was jailed by UK law enforcement after he used stolen data to fund gambling holidays to Las Vegas.

There are no official figures for the amount of money lost by the hospitality industry every year to this kind of crime, but all the estimates run into the billions.

Hospitality companies still need to modernise their infrastructure, train their staff, and hold their partners accountable. But they also need to take proactive measures to ensure their inevitable upcoming breaches will not put them in the news due to their slow response, lost revenue, and damaged reputation.

With that in mind, hospitality firms would be well advised to ensure that they have the best digital network they can afford underpinning their data solution so ensure it is slick, safe and secure. Without that solid digital foundation any investment in operational infrastructure could be wasted.

Without being too alarmist, it’s clear that hotel groups need protection across their networks, and that means robust security to counter the constant threat of attack. Thankfully it’s relatively easy to detect problems and protect your network. Robust firewalls are essential of course. And for added protection, you can prevent unauthorised network access to your LAN and other information assets by wireless devices, with a Wireless Intrusion Prevention System (WIPS).

Network connectivity – a foundation to build on

Security is an issue of increasing importance for the hospitality sector. Facing a changing regulatory landscape designed to heighten responsibility by threatening fines, many hospitality companies are reconsidering their cybersecurity infrastructure.

A hotelier’s data is precious to its business, so they can’t afford for it to fall into the hands of fraudsters. Hotel businesses need to ensure that any data travelling across the network is secure. The cost to a business for maintaining these systems in-house can be prohibitive and hotel owners can often find it difficult to determine which technologies are a passing craze and which will genuinely bolster network security infrastructure, and in turn, help drive profitable success.

One option is to work with a company who can host the data as well as the application securely offsite. This allows data to be managed securely offsite and takes the pressure off the hotel managing data in-house.  Choosing a managed network provides hospitality firms with a fixed cost, managed, reliable and secure communications network infrastructure on which to base their business operations.

Because responsibility for the network operation lies with a third party, staff can focus their energies on what’s most important – developing new business strategies. The managed network is designed, delivered and managed to meet the specific needs and budget for an organisation. Businesses get a resilient network that reliably and securely delivers data transactions. Through a reliable network, hospitality firms will be able to deliver a vastly superior customer experience.

What’s clear is that hospitality firms will need extremely robust and secure network connectivity before they can launch many exciting new customer-facing initiatives. And this shouldn’t be difficult to implement.

With competition for customer loyalty becoming tougher and tougher, the leaders will be those that choose the right network security technology and tech support partners and deliver something truly amazing. This ultimately creates a happier and more profitable work environment.

Bim Janadasa, cybersecurity expert, Vodat International (opens in new tab)

Bim Janadasa is a cybersecurity expert at Vodat International.