If you invest in phishing protection software, which you should, you probably think you’re safe from phishing attacks. It would be nice if that were true, but it’s not. Unfortunately, we live in a tightly-coupled financial ecosystem where vulnerability to one of us is a vulnerability to all.
I’ll bet that when you stay at a hotel, you don’t give much thought to how the hotel’s vulnerability to phishing attacks can affect you. But you should. Because we live in a tightly-coupled financial ecosystem. And because the hospitality industry is under attack from cybercriminals.
According to an article on the Security Week website titled Cybercrime Campaign Targeting Hospitality Sector Intensifies, “The activity associated with a cybercrime campaign targeting hospitality companies has intensified this year. Referred to as RevengeHotels and active since 2015, the campaign targets hotels, hostels, hospitality and tourism companies to steal credit card information from hotel management systems and data received from popular online travel agencies such as Booking.com.”
Kaspersky has confirmed that more than 20 hotels are victims of the latest exploits by two groups, RevengeHotels and ProCC. The article on Secure List goes on to say that “One of the tactics used in operations by these groups is highly targeted spear-phishing messages. They register typo-squatting domains, impersonating legitimate companies. The emails are well written, with an abundance of detail.”
The strange thing is, these attacks are not particularly novel. They use emails carrying malicious Word, Excel or PDF attachments and domain-spoofed embedded links. These are the exact types of exploits that are easily detected and blocked by phishing protection software.
Cloud-based phishing protection software with Advanced Threat Defense, like that from PhishProtection.com, is perfectly situated to stop these attacks. Because it sits between the email sender and email recipient, cloud-based Phish Protection has the opportunity to scan the emails for any kind of malicious content. And when it discovers any, it prevents the email from reaching the intended victims inbox. In other words, it’s not even possible for someone to get phished because they never see the threatening email.
The big question that needs to be asked is, why aren’t more hotels protecting themselves from phishing attacks with this technology? Perhaps on hotel review websites like TripAdvisor they can start including information about the cybersecurity infrastructure in place at hotels so guests can make more informed reservation decisions.
If you work in the hospitality industry, or even if you don’t, you owe it to your customers to keep their information safe. You owe it to your customers to be protected from phishing attacks. You owe it to your customers to get Phish Protection.