Cyber Security

Hackers Attacking Hotel Owners & Employees as Potential Guests

Since last summer, hotel owners and employees have grappled with a surge in malicious e-mails disguised as ordinary correspondence from previous or potential guests.

These e-mails, often appearing as typical messages sent to the hotel’s public e-mail address or as urgent requests from, aim to steal employees’ login credentials or infect hotel systems with malware.

=The attackers’ tactics have evolved, making it increasingly challenging for hotel staff to identify and thwart these threats.

According to the reports from Kaspersky, when targeting hotels, cybercriminals exploit the industry’s inherent customer service focus.

Hotel employees, eager to resolve conflicts and fulfill requests to maintain their establishment’s reputation, often fall prey to these attacks.

The attackers craft e-mails that mimic genuine customer inquiries or complaints, prompting employees to follow links or open attachments that contain malware.

This method termed a “customer focus attack,” leverages the hotel’s commitment to customer satisfaction to breach its defenses.

E-mail Content: Complaints and Inquiries

The malicious e-mails generally follow two themes: complaints or inquiries.

Scan Your Business Email Inbox to Find Advanced Email Threats - Try AI-Powered Free Threat Scan

In complaint-based e-mails, attackers pose as dissatisfied guests, citing unethical staff behavior, double-charged bank cards, or poor accommodation conditions.

An example of a complaint regarding a conflict that allegedly occurred in a hotel

They often include supposed evidence like videos, photos, or bank statements to lend credibility to their claims.

In inquiry-based e-mails, attackers pose as potential guests seeking information about hotel services and pricing.

These inquiries cover various topics, from room amenities to sustainable energy sources, making them appear legitimate.

E-mail mimicking a notification from

In some cases, attackers employ a more sophisticated approach, engaging in multi-stage correspondence with hotel staff.

Initially, they send innocuous messages about accommodation conditions, gradually building trust.

For example, an attacker might pose as a potential customer planning a surprise for their spouse.

After a few exchanges, they send an e-mail with a link to a malicious file, claiming it contains detailed instructions for the surprise.

This method lulls the victim into a false sense of security before delivering the payload.

Example of an attack involving preliminary exchange

End Goals: Credential Theft and Malware Infection

The primary objective of these cybercriminals is to obtain login credentials, which they can then use in other scams or sell on the dark web.

Compromised hotel accounts on can be exploited to scam clients out of payment information.

Attackers use various methods to achieve their goals, including phishing links that mimic login or corporate credential forms.

They also employ malware, such as the XWorm backdoor and the RedLine stealer, to infect victims’ devices and steal passwords.

Phishing website mimicking the login page

How to Defend Against These Attacks

To protect against these sophisticated attacks, hotels should implement several key measures:

  1. Security Awareness Training: Regular training sessions can equip employees to recognize and resist social engineering techniques. For instance, employees should be trained to scrutinize the sender’s e-mail address and be wary of free e-mail services used by attackers.
  2. E-mail Gateway Protection: Implementing protection at the e-mail gateway level can prevent phishing, malicious links, and dangerous attachments from reaching employees’ inboxes.
  3. Robust Security Solutions: Installing comprehensive security solutions with anti-phishing technology on all work devices can provide an additional layer of defense.
  4. Stay Informed: Keeping up-to-date with the latest e-mail threats through reliable sources can help hotels stay ahead of cybercriminals’ evolving tactics.

By adopting these measures, hotels can significantly reduce the risk of falling victim to these malicious e-mail campaigns and safeguard their operations and reputation.

Free Webinar! 3 Security Trends to Maximize MSP Growth -> Register For Free


Divya is a Senior Journalist at Cyber Security news covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

Weekly Cyber Security News Letter – Data Breaches, Vulnerability, Cyber Attack & More

On a weekly basis, the cyber security newsletter is considered an essential update on information…

2 hours ago

8.5 Million Windows Systems Hit by CrowdStrike Faulty Update – Microsoft Says!

Microsoft has revealed that a faulty software update released by cybersecurity firm CrowdStrike on July…

23 hours ago

Hackers Exploits CrowdStrike Issues to Attack Windows System With RemCos Malware

On July 19, 2024, CrowdStrike identified an issue in a content update for the Falcon…

23 hours ago

Alert! Hackers Exploiting CrowdStrike Issue in Cyber Attacks

Cybersecurity experts have uncovered a concerning development following the recent CrowdStrike Falcon sensor issue that…

1 day ago

10 Best Linux Firewalls In 2024

At present, many computers are connected via numerous networks. Monitoring all traffic and having something…

2 days ago

CrowdStrike Releases Fix for Updates Causing Windows to Enter BSOD Loop

CrowdStrike has issued a fix for a problematic update that caused numerous Windows systems to…

2 days ago