Aimed at stealing credit card details from restaurant patrons, this new scam feels like it’s something we’re going to hear about a lot more.
Imagine you have dinner reservations for this weekend at an upscale restaurant. A few days prior, you receive a call from the restaurant where they provide your reservation details and ask you to provide your credit card information again to verify the reservation. Seems legitimate, as the caller knows all about your reservation, and the call timing is near perfect.
But in reality, it’s a scammer stealing your credit card details.
This is what happened this month to U.K. diners planning on eating at London’s Ritz hotel. The Ritz confirmed the data breach last week, citing a breach to their food and beverage reservation system. According to reports, the phone number provided on caller ID matched that of the Ritz.
It’s possible that attackers installed a remote access trojan on a system within their restaurants, or even moved laterally within the Ritz’s network, eventually settling on an endpoint hosting their food and beverage reservation application. In either case, a breach is evident.
This attack demonstrates how conniving cybercriminals can be, as well as how valuable enough a stolen credit card is to be worth all the effort of not just compromising a network, but breaking into the reservation system, and calling patrons to obtain their credit card details.
Staying vigilant against attacks – whether a phone-based vishing scam, phishing attack via email, or social engineering scams on the web – is key to stopping these types of attacks in their tracks. Security Awareness Training can provide employees with the knowledge to identify and put these attacks to a stop. Admittedly, this scam is pretty convincing, but potential victims need to scrutinize any interaction with someone inquiring about details that involve money or monetary instruments.
