Scammers have gone after high-paying customers at one of the world’s most famous hotels, persuading them to give up their credit card details so they could embark on a spending spree.
In several tweets posted on Sunday, August 17, the upmarket Ritz London said that it recently discovered an apparent breach of its food and beverage reservation system that “may have compromised some of our clients’ personal data,” adding that it is now investigating the matter.
Once hackers had the booking information linked to the restaurant reservations, they started phoning those with bookings, posing as hotel staff. During the call, they asked the customer to confirm their credit card details.
One woman targeted by the perpetrators said the ruse seemed convincing as the hotel’s phone number showed on her phone, although spoofing a number is a known trick in cases like this. Also, the caller had the precise details of her booking for the Ritz’s renowned $70 afternoon tea experience, so it never occurred to her that it could be a scam.
The Ritz Hotel, London, U.K. Nathan Rupert/Creative Commons
Those behind the con also made follow-up calls to a number of the victims to tell them that someone was attempting to use their payment card, and that they should read out a security code sent to their phone to stop the transaction. However, in reality, if they gave the code it would’ve enabled the transaction to go through, as it had actually been sent as part of the payment process.
The scammers reportedly attempted to make several transactions in excess of more than 1,000 British pounds (around $1,300) at a nationwide retailer.
The hotel operator said it had already contacted all affected customers and alerted the Information Commissioner’s Office, which deals with data protection matters, among other issues.
We immediately launched an investigation to identify the cause of the breach, which is ongoing, to find out what happened, how and to prevent this from happening again. We have contacted all of our clients whose data may have been compromised and alerted the ICO of the incident.
— The Ritz London (@theritzlondon) August 15, 2020
Digital Trends has reached out to the Ritz to find out how exactly how many customers were affected by the data breach and we will update this piece when we hear back.
The general advice is never to give out your payment card details to someone that calls you, no matter how convincing the person sounds. A bank would never call and ask for such information, though if you believe there is a bank matter that needs addressing, hang up and call the number on the back of your payment card.
For more on cybersecurity, check out Digital Trends’ dedication section.