New Vishing Scam Targets Diners at London’s Prestigious Ritz Hotel

vishing ritz hotelAimed at stealing credit card details from restaurant patrons, this new scam feels like it’s something we’re going to hear about a lot more.

Imagine you have dinner reservations for this weekend at an upscale restaurant. A few days prior, you receive a call from the restaurant where they provide your reservation details and ask you to provide your credit card information again to verify the reservation. Seems legitimate, as the caller knows all about your reservation, and the call timing is near perfect.

But in reality, it’s a scammer stealing your credit card details.

This is what happened this month to U.K. diners planning on eating at London’s Ritz hotel. The Ritz confirmed the data breach last week, citing a breach to their food and beverage reservation system. According to reports, the phone number provided on caller ID matched that of the Ritz.

It’s possible that attackers installed a remote access trojan on a system within their restaurants, or even moved laterally within the Ritz’s network, eventually settling on an endpoint hosting their food and beverage reservation application. In either case, a breach is evident.

This attack demonstrates how conniving cybercriminals can be, as well as how valuable enough a stolen credit card is to be worth all the effort of not just compromising a network, but breaking into the reservation system, and calling patrons to obtain their credit card details.

Staying vigilant against attacks – whether a phone-based vishing scam, phishing attack via email, or social engineering scams on the web – is key to stopping these types of attacks in their tracks. Security Awareness Training can provide employees with the knowledge to identify and put these attacks to a stop. Admittedly, this scam is pretty convincing, but potential victims need to scrutinize any interaction with someone inquiring about details that involve money or monetary instruments.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before the bad guys do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe To Our Blog

Ransomware Hostage Rescue Manual

Get the latest about social engineering

Subscribe to CyberheistNews