What You Didn’t Know About Phishing Threats & Your Business

Phishing threats are a major cyber risk for today’s businesses, especially those operating within the hospitality sector. So, what do you need to know about cyber security and phishing?

A recent Government report notes that, of the almost 40% of UK businesses that have experienced a cyber attack over the past 12 months, the majority – 83% – had experienced a phishing attack.

Phishing threats are a major cyber risk for today’s businesses, especially those operating within the hospitality sector. So, what do you need to know about cyber security and phishing?

What is a phishing threat?

The first thing that hospitality business owners need to know is exactly what a phishing attack is. 

While the outcome of a phishing attack can be devastating, the way it works is remarkably simple. A phishing attack involves a hacker sending an email to an individual or organisation, which is designed to look like a communication from a trusted contact. For example, from a supplier. The email encourages the recipient to click on a link, which may direct them to a fake website for data collection. Alternatively, it may download malicious software directly onto the recipient’s device. 

Other things to know about phishing threats include…

You’re a top target

Unfortunately, hospitality businesses are a top target for phishers. And there are two reasons for that. Firstly, hospitality organisations collect and store a huge amount of sensitive data, including payment details, which makes the ‘prize’ highly desirable. Secondly, hospitality staff typically deal with new contacts regularly – new guests, for example – making it somewhat easier to make the recipient believe that they are communicating with a legitimate contact, rather than a malicious actor. 

It’s all about human error

Human error is the biggest factor that turns a phishing threat into a full-blown phishing attack. Phishing attacks happen in every industry – and in every home – pretty much constantly. If you’ve ever received a dodgy text message asking you to pay postage on an item you weren’t even expecting, you’ll know just how common they are. But a phishing threat itself is harmless; it only becomes an attack when the link is clicked… and that’s all down to the behaviour of the recipient. 

There are hospitality-specific threats

There are entire attacks that have been specifically designed to target the hospitality sector. One of the most well-known campaigns is DarkHotel, and it’s affected hotel businesses across the world. In one large-scale wave, 17 separate hotels received emails designed to look like official communications from the Macao Government Tourism Office. The emails requested detailed information about the guests staying in the hotels, with an official-looking document attached. 

Your guests are at risk

It’s not just your business that’s at risk from a phishing threat, but your guests, too. In fact, one way that DarkHotel operates is to access an establishment’s WiFi network, and use fake digital certificates to try and persuade guests using the network to download malicious software onto their own devices. While the direct impact of this is on your customers, it can have a significant secondary effect on the reputation of your business, making it challenging to build a loyal base of repeat customers. 

You don’t have to sit around and do nothing

While the threat of phishing may always be present, it’s possible to significantly reduce your level of risk by using advanced threat detection and phishing protection software. Microsoft 365, for example, incorporates a range of spoof intelligence and anti-phishing policies to identify potential phishing communications before they even reach the recipient. By filtering out potential phishing opportunities, these apps mean employees can’t click a malicious link… even if they wanted to! 

Building a more resilient business

The key to handling phishing threats with greater confidence is to build a security-first culture; a culture rooted in cybersecurity best practices. At Reliable Networks, we can help you do just that. 

Gregory Olczyk

Gregory Olczyk