
SANS ISC: Get a 40% discount on your hotel room! - SANS Internet Storm Center SANS ISC InfoSec Forums


Get a 40% discount on your hotel room!

Here's a novel (to me) phishing approach. Cal, one of our readers, was staying at a hotel in Arizona on business, and he got a call to his room from the - alleged - front desk. They were saying that their computer had gone down, and that they needed to re-verify his billing information.

Cute, isn't it?

Being a security geek, Cal didn't fall for it. He said that he was currently talking on his mobile phone with his wife, and asked whether he could call back. Not surprisingly, the "front desk" seemed a tad reluctant to provide a number. Stalemate. That's when the phish caller came up with a very customer-service-oriented approach: "We really regret this trouble, and we will gladly offer you 40% off your room rate for the inconvenience."

But no dice: Not even the prospect of a "rebate" was sufficient to convince Cal to hand out his personal data and credit card information to an unknown caller. He hung up, walked down to the front desk, and upon asking, the lady at the front desk put her head down and said "You too? They've been calling 201, 203, 204, 210, and now you?"

Given the right circumstances and timing, I'd say quite a few hotel guests would fall for this. Make sure you are not one of them!
 

Daniel

367 Posts
ISC Handler
Had something like this happen in a hotel in Eloy, AZ, @ 0400 ish.

Long story short, the front desk was getting a large load of complaints from customers... I asked the manager to switch all incoming calls into her extension number in the PBX switch. This creates a "Checkpoint", if you will, and puts a lot of work on one person manning the extension. But it stops these prank / phishing attempts cold.

FYI...
Anonymous
