Common Hotel Phone Scams
Vishing phone scams remain a critical threat to hospitality.
As highlighted in last week’s feature of the VENZA Echo, scammers are becoming increasingly sophisticated and exploiting evolving industry trends to prey on staff.
This week, we continue our three-part series on vishing, exposing the most common scams and tactics used by criminals to target hospitality teams and steal sensitive data.
Next week, don’t miss the final installment, where we’ll cover practical strategies for prevention.
Techniques
Vishing, like all other social engineering attacks, relies on psychological manipulation to exploit biases such as fear, urgency, and intimidation and trick staff into granting access, performing actions, or sharing sensitive data.
For hoteliers, phone scams often carry more credibility than other social engineering attacks. Fraudsters frequently call the hotel’s direct line—the same channel used by guests, OTAs, and third-party vendors to resolve legitimate issues.
This initial authenticity strengthens the deceptive strategies scammers use to build trust and manipulate victims further.
In hotels, these common techniques include:
Urgency
Scammers exploit urgency to pressure staff into acting without second-guessing. They demand immediate action, such as sharing credentials, authorizing transactions, or granting remote access, and threaten consequences like system outages, bad reviews mentioning staff by name, or escalated complaints to management if their demands aren’t met.
Familiarity
Impersonating trusted industry figures such as vendors, OTAs, or brand customer care representatives—roles staff regularly interact with.
As callbacks are a standard method for addressing technical issues, one of the most mimicked roles is Property Management System (PMS) support.
Gaps in communication when staff change over are not uncommon. Similarly, it’s not unusual to receive a phone call to resolve an issue several hours after a ticket was first opened, with the staff member who answers having little prior knowledge of it.
Timing
Scams frequently occur during night audit shifts or outside vendor business hours because criminals target times when senior staff or IT support are unavailable for immediate verification.
This allows them to exploit oversight, communication lapses, and the inability of unsuspecting staff to validate their requests quickly.
Sensitive Requests
Mimicking routine inquiries to gain trust. Fraudsters may claim to be resolving tech issues, requesting credentials, or asking for remote access to “fix” a problem.
In some cases, the requests align perfectly with the employee’s duties—such as a guest needing directions via a link or a supposed refund for a digital card error—making the fraud harder to detect. These tactics also extend to chargeback fraud, with scammers pretending to represent OTAs or customer care teams demanding immediate refunds for fictitious disputes.
Common Scams
Because they’re so successful, some scams stand out as major risks.
These include:
1. PMS Update
This scam often targets night audit staff, with fraudsters claiming to be from the PMS provider. They typically insist that an urgent system update is required to ensure the night audit processes correctly.
The primary goal is to obtain the employee’s PMS credentials, though scammers may also request remote access to the system.
What makes this threat especially dangerous is the level of insider knowledge scammers leverage. They often know the specific PMS name and understand that updates are commonly processed during the night audit shift.
2. Tech Support
Tech support scams are among the oldest tactics in cybercrime, with fraudsters calling under the guise of resolving computer issues. This risk poses a significant challenge for hoteliers as IT support is often managed remotely and offsite.
Fraudsters exploit publicly accessible information, such as the name of a hotel management company, to appear legitimate. They may claim that a staff member’s workstation needs a vital software update or that unusual activity was detected. To solve the issue, they request remote access or the employee’s credentials.
An especially dangerous variation sees attackers targeting IT providers first, as seen in the 2023 MGM Resorts International breach. Hackers targeted MGM’s IT help desk and successfully impersonated an employee using information they gathered from LinkedIn. After a short call, they gained access to a super administrator account with privileges across all of MGM’s systems.
3. TOAD
TOAD (telephone-oriented attack delivery) combines phishing emails with other communication channels, like phone calls, to appear more legitimate and make it more likely employees will interact with malicious emails. These attacks have become a rapidly growing threat, with millions of these scams sent monthly.
TOAD often involves fraudsters impersonating OTAs or guests. Scammers may email and call the front desk, prompting them to click a malicious attachment under the guise of reviewing the details of a guest complaint. They also commonly impersonate guests who are having trouble locating the hotel, sending over an email with an attached screenshot of a fake position on a map. The employee clicks the attachment to discern where the guest is, unknowingly exposing their system to malware.
4. Guest Room Transfer
One of the oldest vishing tactics, the guest room transfer scam, poses risks to both guest data and personal safety.
The scam typically begins with a caller requesting a transfer to a room, often bypassing established security policies and procedures. Once connected, the scammer impersonates the front desk, claiming an issue with the guest’s billing information, and requesting their credit card details over the phone.
This scam is effective because the caller ID displays the front desk for internal transfers. In more elaborate versions, scammers are transferred to room service and then pose as staff or IT to gain details about guest transactions. They later call the front desk and request a transfer to a guest’s room. With that transaction data from earlier, scammers can easily convince guests to share their credit card information under the pretense of a billing issue.
The key danger lies in the trust created by caller ID during internal transfers, which scammers exploit to deceive both guests and staff.
5. Chargebacks
Between direct billing, credit card authorization forms, and OTA virtual payment cards, billing can be complex in hotels. This final scam preys on that complexity, targeting payment card data specifically.
By impersonating an OTA or brand customer care representative, fraudsters trick hotels into issuing refunds under the pretense of a guest complaint or billing error. More concerning, they may ask staff to share credit card details from a reservation to “resolve an issue” or “verify” the card on file, successfully stealing sensitive payment information.
Conclusion
Vishing scams remain a critical threat to hospitality, using psychological manipulation, insider knowledge, and operational vulnerabilities to deceive staff. From PMS updates to sophisticated TOAD attacks, these tactics are growing in both scale and sophistication.
Next week, in the final installment of this VENZA Echo series, we’ll outline practical strategies to defend against these threats—focusing on staff awareness, procedural safeguards, and proactive measures to protect your team and your guests.
Feeling overwhelmed? Don’t worry. As hospitality’s leader in data protection, VENZA delivers tailored training programs and simulated vishing scenarios to test and fortify your team’s defenses. With our 360-degree approach to security, your hotels are protected from every angle.