Diners visiting the popular Ritz hotel in London were left with a sour aftertaste as scammers posing as “extremely convincing” hotel staff stole their payment card details. The potential data breach indicates the possibility that this incident may have had an insider hand or their system network was compromised by a cyberattack that enabled the leak of reservation details. Ritz has notified the Information Commissioner’s Office (ICO) and is further investigating the potential data breach.
- Scammers phoned people with exact details of their bookings at the Ritz hotel, London.
- Under the pretext of confirming their booking and order, they asked for payment card details.
- Scammers used Caller ID spoofing to fool people into believing it as a legitimate caller.
- Ritz informed the ICO and confirmed that it is investigating a ‘potential data breach.’
- Scammers used the stolen card details to make transactions worth more than £1,000 at Argos.
From High Tea to High Threat
According to the BBC, one of the victims received a call a day before her reservation for an afternoon tea at the Ritz. The caller ID displayed the real number of the Ritz hotel and thus, with a sense of assurance she answered it. The person on the other side knew the exact details of her reservation and thus she was not alerted. In order to “confirm” her booking and order, the scammer asked her to share the payment card details to which she obliged. However, the caller said that the card was declined and would require details of another card, to which she again agreed. Apparently, both these cards were later used to make multiple transactions in excess of £1,000 at Argos, an online retail shop.
Another lady also confirmed a similar modus operandi. She was called from a legitimate-looking number (through a spoofed caller ID) and asked for payment card details. However, the lady smelled something fishy when the scammer was unable to spontaneously tell her about the hotel’s facilities on offer.
What’s Caller ID Spoofing
Caller ID spoofing is a practice of impersonating another person or company’s legitimate name and telephone number. It causes the telephone network to indicate the receiver of a call that the originator of the call is a station or person other than the true originating station. This can lead to a caller ID displaying a phone number different from that of the telephone from which the call is made.
Caller ID spoofing technique is legitimately used by call centers while tele calling its customers on behalf of multiple clients. The caller ID information is manipulated to accurately display their client’s name and telephone number. This method is also used by some doctors while communicating with their patients. They display the hospital’s general call back number on the caller ID so that future communications and appointments can be channelized appropriately. However, scammers are now using this technique to dupe people by making them believe they are talking to a legitimate person on the other side of the line.