Given that 15 million online hotel reservations are made on bogus third-party sites every year, travellers and guests are on high alert about being scammed.
These rogue websites trick people into thinking they’re reserving directly with their hotel of choice, then go on to steal their information and money.
However, travellers aren’t the only people in the industry who should be worried; your hotel business is just as much of a target as anyone else, and you need to be aware of what phishing is and how to stop it.
In 2016, 76% of organisations reported they had been the target of a phishing attack.
Let’s go through what it is, what it may look like, and how to prevent your hotel falling victim to email scams and phishing.
What is a phishing scam?
As the name suggests, phishing is quite similar to ‘fishing’ although far more malevolent.
The phisher or hacker, whoever they are, attempts to lure their target into opening a malicious download, clicking on fake links, or entering personal information in order to steal data or identities. The end goal, of course, is to make money at someone else’s expense.
In the case of a business like your hotel, the most common form of phishing would come via email. Posing as a friend, co-worker, manager, or trusted company, the email would make a seemingly reasonable request to open an attachment or verify information, but would then infect your computer and capture valuable data.
What does a phishing email look like?
Often a phishing email will look very similar to a normal email you would expect to receive, which is why people can get caught out.
Usually the email subject will concern changing a password, discussing transactions, updating information, important notifications, etc.
Consider this example of a phishing email from scammers posing as eBay:
It seems perfectly legitimate at first glance, but it’s hiding some concerning secrets.
Here are some clues that may indicate this is a phishing email:
- It’s simply addressed to ‘sir’, rather than anyone in particular
- The threat of account suspension – if eBay truly believed the account was being used for fraud they would suspend it immediately
- Spelling and grammar errors – note ‘advise’ is misspelled as ‘advice’. Phishing emails commonly contain errors like this
- The link reveals itself to be a fake website if you hover over it, instead of clicking it
- You should also carefully check the incoming email address. Sometimes it’s complete nonsense, but often it will closely mimic the real address it’s passing itself off as.
Looking for these clues will help your hotel avoid being caught by these online scams.
How can you prevent being targeted by phishing emails at your hotel?
It’s particularly important you keep your data safe as a security compromise could also endanger the information of your guests, which could do catastrophic damage to your hotel’s reputation and brand image.
There’s a whole range of actions you can take to reduce the number of phishing emails you receive, and to make sure you delete them immediately if they make it to your inbox.
Here’s a list of preventative measures for any email you suspect might be fake:
- Ensure anti-spyware, anti-virus, and anti-malware tools are installed and up-to-date on your systems
- Make sure all your applications are regularly updated
- Check the spelling and grammar of emails you receive
- Test links and attachments before opening them
- Pay close attention to email addresses and the specificity of email content – authentic emails will include your name, account information/numbers etc.
- Be wary of fake login screens trying to capture information – the website URL will not be legitimate
- Run an education session for all hotel employees, since less informed staff members may take the bait
Once you know how to spot general phishing emails you should be relatively safe from harm.
There are more complex attacks, known as ‘spear phishing’, which target high-profile figures (whales) such as celebrities, but these should affect your hotel far less.