Hotel businesses targeted by cybercriminals through fraudulent emails

05 June 2024

Kaspersky has discovered a new fraudulent attack scheme targeting hotel owners and their staff, with fraudsters attempting to steal credentials or infect computers with malware. The fraudulent emails, posing as correspondence from former or potential guests, exploit the hospitality industry's emphasis on customer service to trap their victims.

The misleading emails mimic valid customer questions or complaints sent to the hotel's public email addresses, or pose as urgent requests to address unsolicited user comments. In reality, the emails come from attackers aiming to trick hotel employees into revealing credentials or downloading malware.

The scammers create emails with believable content, making them appear to be genuine requests or customer complaints, which are a routine part of a hotel staff's duties. Given the high value placed on reputation in the hospitality industry, staff tend to respond to these emails immediately. This eagerness increases the likelihood that they will click on malicious links or open harmful attachments, thus falling into the trap. Attackers send their fraudulent emails from free email services such as Gmail, which genuine visitors commonly use as well. This makes it difficult for hotel staff to distinguish legitimate guest emails from malicious ones.

Fraudulent emails generally fall into two categories. The first includes complaints from former visitors. These emails describe negative experiences, such as rude staff or dirty rooms, sometimes accompanied by photos or videos. The aim is to get staff to click on links or open attachments containing malware. The second category includes emails that mimic questions from potential visitors. These emails ask about amenities, prices or availability, or request help with trip planning. The goal of this variant is apparently to collect credentials to be used in future attacks or sold on darknet forums.
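To make the two lure categories above concrete from the defender's side, here is an added triage heuristic (example code written for this page, not Kaspersky's detection logic) that routes inbound mail to a hotel's public inbox for human review when it combines a guest-style complaint or inquiry with a free-webmail sender and a link or risky attachment. The keyword lists, webmail domains, risky extensions, score weights and the four sample messages are all constructed assumptions for illustration.

```python
"""Triage heuristic for the guest-complaint / guest-inquiry phishing pattern.

Added example; the term lists, domains, weights and sample messages below are
constructed assumptions, not Kaspersky's own detection rules.
"""
import re
from dataclasses import dataclass, field

# Assumed: webmail domains a genuine guest might use; the article notes attackers use the same ones.
FREE_WEBMAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}

# Assumed keyword sets mirroring the two lures described in the article.
COMPLAINT_TERMS = {"complaint", "rude", "dirty", "refund", "disgusting", "photos", "video"}
INQUIRY_TERMS = {"availability", "price", "prices", "rates", "amenities", "booking", "itinerary"}

# Assumed: attachment types that can carry malware and have no business being in a guest email.
RISKY_ATTACHMENT = re.compile(r"\.(zip|rar|7z|iso|exe|js|vbs|scr|lnk|html?)$", re.I)
URL_RE = re.compile(r"https?://[^\s>\"']+", re.I)


@dataclass
class Email:
    sender: str
    subject: str
    body: str
    attachments: list[str] = field(default_factory=list)


@dataclass
class Verdict:
    action: str          # "deliver", "flag" (warn the reader) or "hold" (route to review)
    score: int
    lure: str            # "complaint", "inquiry" or "none"
    reasons: list[str]


def classify_lure(text: str) -> str:
    """Return which of the two article lure types the text resembles, if any."""
    words = set(re.findall(r"[a-z]+", text.lower()))
    if words & COMPLAINT_TERMS:
        return "complaint"
    if words & INQUIRY_TERMS:
        return "inquiry"
    return "none"


def triage(mail: Email) -> Verdict:
    """Score one message; weights are assumptions chosen so that a plain guest
    question from webmail (lure + webmail only) is still delivered."""
    score, reasons = 0, []
    domain = mail.sender.rsplit("@", 1)[-1].lower()
    lure = classify_lure(mail.subject + " " + mail.body)
    if lure != "none":
        score += 1
        reasons.append(f"{lure}-style guest lure")
    if domain in FREE_WEBMAIL:
        score += 1
        reasons.append(f"free webmail sender ({domain})")
    risky = [a for a in mail.attachments if RISKY_ATTACHMENT.search(a)]
    if risky:
        score += 3
        reasons.append("executable/archive attachment: " + ", ".join(risky))
    urls = URL_RE.findall(mail.body)
    if urls:
        score += 2
        reasons.append(f"{len(urls)} link(s) in body")
    action = "hold" if score >= 4 else "flag" if score == 3 else "deliver"
    return Verdict(action, score, lure, reasons)


# Constructed sample messages (not real traffic).
SAMPLES = [
    Email("angry.guest123@gmail.com", "Complaint about my stay",
          "Your staff were rude and the room was dirty. Photos attached.",
          ["evidence_photos.zip"]),
    Email("jane.doe@gmail.com", "Question about availability",
          "Do you have availability for two nights in July, and what are the rates?"),
    Email("traveller@outlook.com", "Help with my booking",
          "Please check my itinerary and confirm the price here: http://example.invalid/itinerary"),
    Email("purchasing@supplier.example", "Invoice 2024-06",
          "Please find the June invoice attached.", ["invoice_june.pdf"]),
]


def triage_all(mails=SAMPLES):
    """Return (sender, action) pairs for a batch of messages."""
    return [(m.sender, triage(m).action) for m in mails]


if __name__ == "__main__":
    for m in SAMPLES:
        v = triage(m)
        print(f"{v.action:7} score={v.score} {m.sender}: {'; '.join(v.reasons)}")
```

The weights are deliberately tuned so that the ordinary case the article warns about, a real guest writing from Gmail to ask about prices, is still delivered; only the combination of a guest-style pretext with a risky attachment or an embedded link pushes a message into the "hold" queue for a human to look at. The point is to buy the front desk a pause before clicking, not to replace a mail-server anti-phishing product.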

According to Kaspersky's annual spam and phishing report, phishing emails and malware continue to be a major cyber threat. Last year, Kaspersky Mail Anti-Virus blocked 135,980,457 malicious email attachments, while the Anti-Phishing system prevented 709,590,011 attempts to access phishing links. Phishing and malicious emails often impersonate trusted entities and use sophisticated social engineering tactics to trick recipients into disclosing sensitive information or engaging with malicious links.

To keep your data protected from phishing attacks and leaks, Kaspersky experts recommend:

  • Provide your staff with basic cyber hygiene training. Conduct a phishing attack simulation to ensure your employees know how to distinguish this type of email.
  • Use an endpoint and mail server protection solution with anti-phishing capabilities to reduce the likelihood of infection through a phishing email.
  • If you use the Microsoft 365 cloud service, don't forget to protect it as well. 
  • Use easy-to-manage yet effective solutions. This helps prevent you from being locked out of your computer by phishing emails or malicious attachments.
  • Choose a solution exclusively for small and medium businesses with simple management and proven protection features.