Cybercrime has multiplied exponentially in recent years in all sectors, including the hotel industry. But what are the most common cyber-attacks in hotels?

Spear phishing

As a variant of phishing, spear phishing is a very sophisticated attack. The cybercriminal, by researching the hotel’s website or a professional network such as LinkedIn, obtains the hotel’s booking email address. Once they have it, they carry out a first attack to obtain the credentials of the account and impersonate the hotel. From there, the cybercriminal becomes the manager of the bookings and collects the money from them in his own bank account.

Web cloning

An exact clone of the hotel’s website is literally made or one as similar as possible is developed. The aim is to trick prospective guests into accessing the fraudulent website and booking through it.

Wi-Fi

It goes without saying that most hotels nowadays provide their guests with a Wi-Fi connection. However, the hotel has to take into account that the internal network must be segmented from the guest network to preserve its security. In addition, it is highly recommended to have a captive portal that manages the traffic and offers a series of advantages for the hotel.

BYOD attacks

Bring Your Own Device (BYOD) has exploded as a result of teleworking, whether using mobiles, tablets or laptops. This has resulted in a lack of security control by companies, which has led to an increase in incidents and cyber-attacks that pose a great risk to the entire company.

Supply chain

Most hotel booking websites in turn connect to various intermediaries. This situation is exploited by cybercriminals to obtain customer information through any of these companies. They even achieve their goal of stealing credentials through them to carry out a more targeted attack.

QRishing

Although less common in the hotel environment than in the hospitality industry, attackers can take advantage of the opportunity to alter the QR code. Whether through the code on the restaurant menu or hotel services, the criminal will attempt to redirect guests to a fraudulent link, infecting and compromising the security of their devices.