Highlights

*Phone scams are a growing threat to hospitality.

*Front desk staff’s shifting role increases their vulnerability.

*Vendor reliance and 24/7 operations make hotels key targets.

Overview

Vishing—the practice of manipulating staff over the phone—has rapidly become one of the most significant cybersecurity threats facing hospitality.

Why? Because these scams are not only growing in sophistication and scale, but they also exploit key structural changes in the industry: fewer reservation calls and more problem-solving at the front desk.

This week’s feature of the VENZA Echo begins a three-part series on the rising vishing threat to hoteliers. We’ll explore the surge in phone scams, reveal common tactics, and provide insight into defense.

Threat Landscape

Social engineering attacks, like vishing, account for 68% of all data breaches worldwide, making them one of the most significant cybersecurity threats facing businesses.

The reason is clear: as cybercrime accelerates, organisations have invested heavily in tools and technology for threat defense. Social engineering bypasses these, exploiting human psychology to manipulate staff into voluntarily disclosing sensitive information.

Phishing scam emails represent the most prevalent threat in this space. However, vishing is rapidly gaining ground. The U.S. Federal Trade Commission (FTC) reports that phone scams are now the second most common fraud method after email phishing, responsible for over $1.2 billion in financial losses annually.

Vishing becomes even more dangerous when paired with a tactic known as pretexting, where attackers craft a believable backstory to earn the target’s trust. This strategy has fueled an alarming 554% surge in hybrid vishing attacks in 2023.

Compounding this threat is the rise of AI technologies. Attackers can now use voice cloning and deepfake tools to convincingly impersonate trusted individuals. Because this technology is readily accessible, it’s already become a part of cybercriminal’s tool kit.

A recent study revealed that 1 in 10 individuals have already been targeted by AI-powered vishing scams, with 77% of victims reporting financial losses. This problem isn’t limited to individuals—over half of businesses in the U.S. and UK report being targeted by financial scams leveraging AI-driven deepfake technologies as well.

Rising Trends

Social engineering attacks against the hospitality industry saw a 300% increase in the first half of 2024, with vishing emerging as a dominant vector.

The impact of this trend became clear in late 2023, when three major hotel groups suffered multi-million-dollar cyberattacks in a single month, two of which stemmed directly from vishing incidents.

In August and September 2023, MGM Resorts International and Caesars Entertainment fell victim to multimillion dollar ransomware attacks. Both incidents used vishing and pretexting tactics to exploit staff and gain first entry into their systems.

Since 2022, VENZA has observed a sharp rise in vishing attacks, now representing nearly 40% of all reported incidents. The primary target? Front desk and guest services staff, especially those working the night audit shift.

Staff Susceptibility

Vishing scams are a long-standing threat to hotel front desk teams. A common tactic sees attackers calling the front desk and requesting a transfer to a guest room. Once connected, they impersonate front desk staff, claiming there’s an issue with the guest’s credit card on file. Trusting the caller ID, guests unknowingly share their credit card details, falling victim to immediate fraud.

Because this scam was so effective, it played a key role in motivating the establishment of procedures for authenticating callers before transferring them to guests, one of the early standards for hospitality phone security.

On top of the growing frequency and sophistication of attacks, a major cause of vulnerability lies in the evolving role of front desk staff.
With 60% of hotel reservations now made online and 73% of travelers preferring mobile check-in experiences, the role of the front desk has shifted significantly. Guests increasingly use mobile devices for checking in and out, making payments, ordering food, and more.

Once primarily tasked with routine duties, today’s front desk teams have become problem-solving hubs, responsible for managing complex issues that fall outside automated systems. Pressure to deliver quick customer service resolutions has intensified, placing increasing greater responsibility on staff—often as the first and only point of contact when problems arise.

Unlike email phishing, phone calls demand instant decisions, relying on staff instincts rather than careful review. Scammers are aware of this dynamic and actively exploit the guest-first mindset of front desk staff. Under pressure, employees are more likely to overlook warning signs or red flags. This vulnerability becomes even more pronounced during overnight shifts, where night staff often operate alone or with minimal supervision.

Adding to these challenges, hoteliers now face a more complex operational landscape, standing out as one of the few industries that maintained 24/7 operations after the COVID-19 pandemic.

This around-the-clock risk further is compounded by an increased reliance on third-party vendors and growing dependence on online booking platforms.

Moving Forward

Vishing remains one of the most serious threats to hospitality cybersecurity, targeting the front desk’s evolving responsibilities and reliance on immediate decision-making during phone interactions.

In this first installment of our three-part series, we’ve explored why vishing is rising and how it uniquely impacts hospitality staff.
Stay tuned for our upcoming features, where we’ll break down common vishing tactics and share practical strategies to protect your team and guests.

Feeling overwhelmed? Don’t worry. As hospitality’s leader in data protection, VENZA delivers tailored training programs and simulated vishing scenarios to test and fortify your team’s defenses. With our 360-degree approach to security, your hotels are protected from every angle.
Ready to get started? Contact Sales to discuss signing up for our programs or adding new solutions to your contract.

***

Take VENZA’s free Phishing Test to assess gaps in your human firewall today!

Training your personnel to recognize and report phishing attempts is essential to protecting your guests and their data. Get started by determining your risk and readiness level using this free tool.

***

Want to stay informed? Subscribe to the free VENZA Echo now. You’ll receive a monthly digest with the highlights of our weekly article series and important product updates and news from VENZA.