
The tourism sector has become the main focus of cyberattacks because of the large volume of money and confidential information it handles. Among the cyber-scams currently being carried out, the one known as CEO fraud in hotels stands out: an impersonation technique that is a headache for hotels around the world.

At Cerium, as a company specializing in hotel cybersecurity, we deal with these threats daily, which is why we want to give you the keys to detecting them in time and, above all, preventing them.

What is CEO fraud?

CEO fraud is a sophisticated cyber-scam tactic that is very common in the corporate world. In this type of fraud, cybercriminals pose as senior executives of an organization, such as the CEO or CFO, with the goal of tricking employees into giving access to confidential information or making fraudulent money transfers.
The typical modus operandi involves the use of social engineering techniques, such as spoofing or phishing, to manipulate employees and get them to perform actions that benefit the fraudsters, basically urgent fund transfers or disclosure of sensitive information.

Specifically, cybercriminals often send emails or text messages carefully crafted to mimic the terminology and writing style used by top executives, making them difficult to detect.


One of the reasons CEO fraud succeeds is that scammers often take advantage of emergency situations or stress. For example, they request a transfer for a confidential transaction related to an impending acquisition or serious legal issue.



When does it occur in a hotel?

The hotel sector is by no means immune to this problem. Specifically, these scammers can impersonate a hotel manager, a high-ranking employee or a supplier, with the aim of requesting a secret and urgent transfer, changing the payroll account or communicating a new account number to which invoices should be paid.
In some cases, they use additional tactics, such as spear-phishing, a sophisticated variant of phishing that relies on collecting specific information about the recipients to personalize the message and increase the effectiveness of the attack.

Key tips to prevent hotel CEO scam

There is no doubt that cybersecurity must be a strategic axis in hotel businesses and that it is necessary to work on security protocols in hotels to know how to detect and prevent attack attempts in time. Here are some key tips to prevent the CEO scam:

1. Check the sender's email

The objective is to check that it is the sender's real address. Some clues that can alert you that the email is fake are the sender's address, a sense of urgency, spelling and grammatical mistakes, generic greetings or the inclusion of suspicious links and attachments.

2. Take extra precautions with the instructions in the message

Another warning sign is that the instructions in the message are unusual and ask you to follow unusual procedures within the company. When in doubt, it is recommended to contact the sender by other means to confirm that it is really they who requested the operation or change, and never to respond to the email received.


3. Implement double-check security protocols

Maintaining double-checking protocols is essential to avoid any change in the supplier's payment account. This translates into the need to verify information with the appropriate person or department and confirm that it is correct before making any changes or transactions.


4. Avoid downloading suspicious attachments

Using security or firewall software and keeping it up to date is the first protective barrier in detecting and blocking malicious attachments before they can harm your system. 

On the other hand, you should not rely solely on file extensions, as cybercriminals can hide malware inside seemingly harmless files. And, of course, be especially wary of compressed files (.zip) and executables (.exe or .bat).
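The warning signs named in tips 1 and 4 (the sender's address, a sense of urgency, risky attachment types) can also be checked automatically before a message reaches an employee. The Python code below is an added example, not part of the original article or Cerium's tooling; the corporate domain, executive name, keyword list, 0.85 similarity threshold and the extra Reply-To comparison are assumptions chosen for illustration.

```python
import email
from difflib import SequenceMatcher
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed values for illustration only (none of them come from the article).
CORPORATE_DOMAIN = "hotel-example.com"
EXECUTIVES = {"maria lopez"}                  # hypothetical executive display names
URGENCY_TERMS = ("urgent", "confidential", "immediately", "transfer")
RISKY_EXTENSIONS = (".zip", ".exe", ".bat")   # extensions the article singles out

def _parts(header):
    """Return (lowercased display name, lowercased domain) of an address header."""
    name, addr = parseaddr(str(header) if header else "")
    return name.strip().lower(), addr.rpartition("@")[2].lower()

def ceo_fraud_indicators(raw_message):
    """List the warning signs found in one raw RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    name, from_domain = _parts(msg["From"])
    if from_domain != CORPORATE_DOMAIN:
        if name in EXECUTIVES:
            findings.append("executive-name-on-external-address")
        if SequenceMatcher(None, from_domain, CORPORATE_DOMAIN).ratio() >= 0.85:
            findings.append("lookalike-domain")
    _, reply_domain = _parts(msg["Reply-To"])
    if reply_domain and reply_domain != from_domain:
        findings.append("reply-to-differs-from-sender")
    body = msg.get_body(preferencelist=("plain",))
    text = f"{msg['Subject'] or ''} {body.get_content() if body else ''}".lower()
    if any(term in text for term in URGENCY_TERMS):
        findings.append("urgency-language")
    for part in msg.iter_attachments():
        filename = (part.get_filename() or "").lower()
        if filename.endswith(RISKY_EXTENSIONS):
            findings.append(f"risky-attachment:{filename}")
    return findings

def constructed_sample():
    """Build a constructed spoofed message (sample data, not a real email)."""
    m = EmailMessage()
    m["From"] = '"Maria Lopez" <maria.lopez@hote1-example.com>'
    m["Reply-To"] = "payments@mail-example.net"
    m["To"] = "accounts@hotel-example.com"
    m["Subject"] = "Urgent and confidential"
    m.set_content("Please make the transfer today and do not discuss it with anyone.")
    m.add_attachment(b"PK", maintype="application", subtype="zip", filename="invoice.zip")
    return m.as_string()

if __name__ == "__main__":
    print(ceo_fraud_indicators(constructed_sample()))
```

A message that raises any of these findings is a candidate for the out-of-band confirmation described in tips 2 and 3; an empty list does not prove the message is genuine.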

5. Protect confidential company information

It is recommended not to share information about the company's organization chart with third parties and to be very cautious about publishing corporate information on social networks, such as your corporate email, the department you work for, the functions you perform or your closest co-workers.

How does Cerium help prevent CEO fraud?

Cerium can be your ally both in preventing CEO fraud and, in general, in your fight against cybercrime. As experts in cybersecurity for hotels, we have the best solutions to protect both your assets and your customers, and we help you design the most appropriate strategy for your hotel (cybersecurity audit, configuration and security of WiFi and IPTV networks, threat management with firewall, VPN and GeoIP, pentesting, anti-phishing systems, etc.).

In addition, we are aware that team training is key, so we provide employee training with updated content that covers the main threats and how to respond to them.

If you think it is time to implement a security strategy, you want to reinforce your current strategy or you are looking to train your team so that they do not fall victim to fraud, contact us through this form. We will be happy to help you!
