Security firm Trustwave has seen a stream of attacks aimed at the hospitality industry, where miscreants first place a call before sending through malicious attachments via email.
Who’s at the receiving end of the phone call? The business’s customer service representatives.
By duping them into believing they are clients having difficulty in accessing the company’s online registration system, the cybercriminals then follow-up via email with the representatives, including attachments infected with malware that claims to be reservation details. The goal of the attack is to swipe credit card data.
The notorious Carbanak gang, a cybercriminal collective previously responsible for stealing close to $1 billion from banks over two years, is believed to be behind the operation.