The hotel industry, which relies heavily on technology to manage guest services and operations, has become a prime target for cybercriminals. Phishing, in which attackers pose as legitimate entities to trick individuals into divulging confidential information, has become the method of choice for hackers.
Steven Pieterse, CEO at IT and hotel technology specialist firm Metisware, warned that “in the wake of rising cyberattacks on the hospitality industry, hotel operators and property managers must be on high alert for a surge in phishing scams.”
Hackers use sophisticated techniques, including fake Google ads and counterfeit websites, to trick hotel staff into entering their login details. Once these credentials are compromised, cybercriminals gain access to sensitive guest information including payment data, booking records and personal details, putting the hotel and its guests at risk.
“Cybercriminals are targeting large hotel chains and small and medium-sized establishments,” added Pieterse.
Metisware urges all hoteliers to implement the following precautionary steps to safeguard their systems:
- Change passwords regularly
Regular password changes will reduce the chances of unauthorised access.
Passwords must be complex, incorporating a combination of letters, numbers and special characters. Reusing passwords across different sites should be strictly avoided. Additionally, passwords should never be written down or shared with colleagues.
“Although it may seem a tedious task, the importance of password management cannot be overstated,” says Pieterse. “A weak or reused password is often the weakest link in a hotel’s security chain. Implement and enforce strong password policies to significantly reduce the risk of credential theft.”
- Beware of fake login pages and URL scams
Clicking on fraudulent ads can lead staff members to fake websites where their login details are stolen.
Hoteliers are strongly advised not to use search engines to locate login pages. Instead, they should bookmark official URLs to ensure they only access legitimate websites.
Another tactic involves criminals making subtle changes to the URL to trick users into thinking the site is legitimate. These minor alterations can easily go unnoticed, increasing the risk of users being misled and falling victim to the scam.
- Be wary of suspicious emails
Cybercriminals frequently use email phishing schemes to gain access to systems. Hoteliers should train staff to be vigilant when opening emails, especially those containing attachments or links. Verifying the sender’s email address and contacting them directly if there are any doubts is a critical step in preventing phishing attacks.
- Monitor outbound email activity
Unauthorised reservation confirmation emails sent from the hotel’s PMS can be a sign of a phishing attack. Hoteliers should regularly monitor outbound emails for suspicious activity. If unscheduled emails are sent without your knowledge, it is crucial to alert the security team immediately.
- Use firewalls and antivirus software
Reputable firewalls and anti-malware software should be used to detect and prevent malicious activity, and these systems should be updated regularly to keep up with the latest threats. Ensuring that only authorised users have access to the PMS is also a vital measure. Regular audits should be conducted to remove access for staff members who have left the company.
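
The advice under "Beware of fake login pages and URL scams" (use bookmarked official URLs, watch for subtly altered addresses) can be backed by an automated check on links before staff open them. The Python below is an added example, not from Metisware or the original article; the hosts in `OFFICIAL_HOSTS` are constructed placeholders and the edit-distance threshold of 2 is an assumption.

```python
from urllib.parse import urlsplit

# Constructed placeholder hosts standing in for the hotel's bookmarked login pages.
OFFICIAL_HOSTS = {"login.example-pms.com", "admin.example-booking.com"}

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_login_url(url, official=OFFICIAL_HOSTS, max_distance=2):
    """Return (verdict, reason); verdict is 'official', 'suspicious' or 'unknown'."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        return "suspicious", "malformed URL"
    if not host:
        return "unknown", "no host in URL"
    if host in official:
        return "official", host  # exact match with a bookmarked host
    # Look-alike characters usually surface as non-ASCII or punycode labels.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return "suspicious", "non-ASCII or punycode host"
    for good in sorted(official):
        if good in host:
            return "suspicious", f"{good} embedded in a different domain"
        if edit_distance(host, good) <= max_distance:
            return "suspicious", f"near-match of {good}"
    return "unknown", "not on the bookmark list"

if __name__ == "__main__":
    # Constructed sample links, e.g. pulled from an inbound email or an ad click.
    for sample in ["https://login.example-pms.com/signin",
                   "https://login.examp1e-pms.com/signin",
                   "https://www.example.org/"]:
        print(sample, classify_login_url(sample))
```

An "unknown" verdict means only that the host is not on the bookmark list; it is not a statement that the site is safe.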