Top Cyber Threats for Hoteliers: Summer 2024

Summer is in full swing and hoteliers are bustling through the busiest season of the year. As both temperatures and occupancy rates skyrocket, so does the risk of cybercrime. Unfortunately, threat actors don’t take vacations—so it’s as important as ever that you remain vigilant to protect your and your guests’ data.

In this week’s feature of the VENZA Echo, we’re taking a look at the latest cyber threats for hospitality this summer. From major data breaches to malicious new domains mimicking popular travel sites, we’re uncovering the digital dangers to keep you one step ahead.

Let’s jump right into it.

Booking Site Scams

One of the most alarming threats facing hoteliers is the recent rise of malicious booking website domains.

In May 2024, researchers found that 1 in every 33 new summer vacation-related domains was potentially malicious. Fake websites, designed to mimic popular travel brands like Agoda and Booking.com, trick unsuspecting travelers into submitting their personal information, which is then stolen.  

Even worse, these websites are also used in highly sophisticated phishing email scams. In one campaign, scammers impersonated Booking.com and sent emails with attached PDF receipts. When victims tried to open the attachment, they were told that the reader was not supported and were redirected to a malicious site that closely resembled the actual booking page (it even featured a nearly identical URL in the address bar). Meanwhile, two JavaScript files were secretly downloaded onto the victim’s device, compromising its security.

Even if your hotel isn’t directly targeted, it’s crucial to warn guests of this looming threat because it can negatively impact their travel experience and harm your property’s reputation. To protect guests, remind them to always book directly through your official website. Tell them to be wary of clicking on links in seemingly legitimate emails and to contact the company directly before taking any action.
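The "nearly identical URL" trick can be screened for mechanically before a link reaches staff or guests. The following is an added example, not code from the article or from VENZA: it classifies a link by comparing its hostname with the official domains of the two brands named above. The function names, the digit-swap table and the sample links are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Brands named in the article; add your property's own official domain.
OFFICIAL = ("booking.com", "agoda.com")
# Digit-for-letter swaps often used to imitate a brand name (assumed table).
CONFUSABLE = str.maketrans("0135", "oles")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url):
    """Return 'official', 'suspect', 'unrelated' or 'invalid' for one URL."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "invalid"
    # Only the exact domain, or a true subdomain of it, counts as official.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL):
        return "official"
    # Split the host into tokens on dots and hyphens, undoing digit swaps.
    tokens = host.translate(CONFUSABLE).replace("-", ".").split(".")
    for domain in OFFICIAL:
        brand = domain.split(".")[0]
        # A brand name, or a one-character typo of it, inside a foreign host.
        if any(edit_distance(tok, brand) <= 1 for tok in tokens):
            return "suspect"
    return "unrelated"

# Constructed sample links using reserved .example names, not real indicators.
SAMPLES = [
    "https://www.booking.com/hotel/summer",
    "https://booking.com.confirm-stay.example/receipt",
    "https://b00king-reservations.example/",
    "https://agodda.example/",
    "https://example.org/summer-deals",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):10} {link}")
```

Treat "suspect" as a queue for human review rather than a verdict: ordinary words one letter away from a brand name will also match.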

AT&T Data Breach

Earlier this month, telecom giant AT&T announced a large data breach that compromised tens of millions of cellphone records.

Included in the breach were nearly all the phone numbers of cellular customers and individuals whose wireless providers used AT&T’s network between May and October 2022. The compromised data involved phone numbers, call and text frequencies, and durations. Fortunately, AT&T has reported that the content of the communications was not revealed.

The breach resulted from an illegal download on a third-party cloud platform. While AT&T emphasized that the exposed data is not publicly available, they are investigating and cooperating with law enforcement. The company is notifying affected individuals and providing resources to protect their information.

A breach of this magnitude will have significant long-term repercussions, impacting even those hoteliers who are not AT&T customers. Cybercriminals often use compromised data for malicious activities like targeted phishing attempts and identity theft. Given the ongoing developments in this case, the best defense is to remain vigilant, stay informed, and keep up to date with the latest cybersecurity practices. Ensuring your team is aware of potential threats while maintaining robust security measures is crucial to protecting yourself against these evolving risks.

Vulnerabilities in Cloud-Based Applications

A new hacker group known as the Scattered Spider Gang is targeting widely used cloud-based business applications Okta, Salesforce, Azure, AWS, Workday, and Google Cloud Platform to steal data.

Specializing in data theft for extortion, this group uses social engineering techniques such as SMS phishing to trick cloud applications’ help desk agents into granting them access to high-level accounts. Once inside, they create fake virtual machines to maintain access and disable security protections to avoid detection. They then move stolen data freely to legitimate cloud storage services like Google Cloud and Amazon Web Services.

For hoteliers who increasingly rely on cloud-based solutions for efficiency and convenience, staying ahead of this threat is crucial to prevent third-party data breaches. Experts recommend enhanced monitoring of all cloud-based applications. Additionally, they suggest centralizing security logs from all services for better oversight, implementing multi-factor authentication (MFA), and enforcing stringent access controls to limit who can see and do what in your systems.
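Centralizing logs matters because each step described above shows up in a different service, and only the combination stands out. The following is an added example, not code from the article or from any vendor: it correlates events from a central log store to find an account whose help-desk reset is followed by the behaviors the article lists. The action names, field names and sample events are hypothetical and constructed for illustration.

```python
from datetime import datetime, timedelta

# Hypothetical normalised action names; map each service's real event
# names onto these when ingesting into the central log store.
RESET = "helpdesk_mfa_reset"
FOLLOW_ON = {"vm_created", "security_tool_disabled",
             "bulk_export_to_external_storage"}
WINDOW = timedelta(hours=24)

def find_takeover_chains(events, min_follow_on=2):
    """Return (account, reset_time, actions) for every help-desk reset that
    is followed within WINDOW by at least min_follow_on distinct follow-on
    actions on the same account, whichever service logged them."""
    ordered = sorted(events, key=lambda e: datetime.fromisoformat(e["ts"]))
    findings = []
    for i, ev in enumerate(ordered):
        if ev["action"] != RESET:
            continue
        start = datetime.fromisoformat(ev["ts"])
        seen = set()
        for later in ordered[i + 1:]:
            if datetime.fromisoformat(later["ts"]) - start > WINDOW:
                break
            if later["account"] == ev["account"] and later["action"] in FOLLOW_ON:
                seen.add(later["action"])
        if len(seen) >= min_follow_on:
            findings.append((ev["account"], ev["ts"], sorted(seen)))
    return findings

def _ev(ts, source, account, action):
    return {"ts": f"2024-07-15T{ts}:00+00:00", "source": source,
            "account": account, "action": action}

# Constructed sample events, as they might look after normalisation.
SAMPLE_EVENTS = [
    _ev("09:02", "idp", "admin.k", RESET),
    _ev("09:40", "aws", "admin.k", "vm_created"),
    _ev("09:55", "azure", "admin.k", "security_tool_disabled"),
    _ev("10:00", "idp", "frontdesk.j", RESET),
    _ev("10:05", "idp", "frontdesk.j", "login"),
    _ev("10:30", "aws", "ops.m", "vm_created"),
    _ev("11:10", "gcp", "admin.k", "bulk_export_to_external_storage"),
]

if __name__ == "__main__":
    for account, when, actions in find_takeover_chains(SAMPLE_EVENTS):
        print(f"ALERT {account}: reset at {when} followed by {', '.join(actions)}")
```

No single event here is alarming by itself; the alert comes from seeing the identity provider's reset and the cloud platforms' follow-on actions in one place.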

Conclusion

As summer reaches its peak, hoteliers must remain vigilant against the rising tide of cyber threats. From the surge in malicious booking sites to significant data breaches like the one experienced by AT&T, the digital landscape is fraught with risks.

As leading experts in hospitality data protection, VENZA’s Security Team offers personalized expertise to help hoteliers navigate the unique cybersecurity threats in the industry. In partnership with us, your company can get started in as little as one month.

Ready to get started? Contact Sales to discuss signing up for our programs or adding new solutions to your contract.
