Insights

Hotel security: Hacking into peoples’ minds

Hotels frequently fall victim to phishing attacks and social engineering tactics used by modern criminals. This occurs because hotels are often vulnerable and have little in the way of defences in place. However, hotels are capable of learning from these bad experiences. By adding security awareness to the skills you already have, you can become effective at outsmarting the criminals.

The term, social engineering, is quite often used in the context of cyber crime, but it is not a new invention by any means. In fact, it’s been going on throughout history, although under different names and across all areas of life. In the context of information security and privacy, social engineering refers to the psychological manipulation of people to do as you want, particularly to divulge confidential information. It is referred to as ‘placing bugs in the human hardware’ or ‘hacking into peoples’ minds.’

How hotel staff use social engineering

Hotel employees themselves are often masters in social engineering. However, while this art is used for good, it is mostly used only to provide guests with exceptional service. When combined with security awareness training, however, hotel employees’ skill set is enhanced and gives them an advantage dealing with criminal predators.

Hotels already have a strength they can build on because of the nature of the business. By building on the courteous service skills staff already possess and combining these with security awareness education, hotels will have a potent combination to thwart phishing attacks and the social engineering tactics of criminals.

Advertisements
  • eHotelier Essentials Banner

Conversation builds a connection and trust

Through appropriate guest service training, hotel workers are usually encouraged to initiate a friendly conversation with guests, for three reasons:

  1. It leaves a better impression than standing next to the guest and saying nothing
  2. Guests experience the hospitality and they feel welcome
  3. To find out guest preferences.

Some hotels are exceptional at service and know how to ask the right questions to create WOW-moments and surprise guests with something that really touches the heart.

When it comes to exceptional service, consider the bellboy who escorts the guest to the room and soon figures out that the guest has a passion for horses. The next day the guest finds a magazine about horse riding in his room. Or the waiter on the pool deck who notices the little daughter of a guest loves strawberries. As a little treat, he brings a small bowl of strawberries, just for her. The mother is impressed with the service and the first class hospitality. This is good service because the staff members are paying attention to details. This is the foundation of social engineering.

How criminals use social engineering

Criminals are not wearing traditional ski masks anymore. Instead, they are trying to blend in with hotel guests and staff. They also use various techniques of social engineering to connect with their victims and to mine for the confidential information they need to commit crimes.

Let me give you an example of attempted social engineering by a criminal that is based on a true story. This could also happen in your hotel:

A man is stalking one of your hotel guests. The brunette young lady in room 305 does not know him, but she has seen him outside the hotel before. He follows her to the hotel and tries to hit on her a few times in the bar, but is unsuccessful. When she disappears to her room, the stalker walks to the front desk. He wants information about the lady he has his eye on, so he involves the female receptionist in conversation. He does not begin by asking questions about the lady. That would create suspicion.

He first lays on the charm as he tries to build a connection with the receptionist. He does this so she starts to trust him. Up until now he engages in small talk. Then he probes about the woman he is interested in. He asks where she is from and how long she is staying in the hotel. This will help him profile her later and to make plans for his next move. Possibly,he does not have a plan yet. He may even pretend knowing her.

Note: If the receptionist volunteers the information that the lady is from Mexico, for example, you can expect the man to start talking about Mexico and what a fantastic time he once had in Acapulco. He might not have been to Mexico before. If the receptionist had said the lady was from Italy, for example, he will likely talk about Verona – the city of love, or some other well known place in Italy. Again, he may never have been to Italy. However, he may be knowledgeable about either of these two countries. It’s the details that can fool us into trusting a person.

What he desperately wants to know is whether the woman is travelling alone. All these questions should ring alarm bells. Thankfully they do.

Your receptionist does the right thing and identifies him as a suspicious person. The receptionist remembers the See, Hear, Feel and Tell Approach in the Security Awareness Course she recently completed. In order to create a diversion and to buy time she gives out false information, telling the stalker that the lady is staying in the hotel with her husband. Now she is using social engineering to cool down a potential attacker. The receptionist immediately reports the incident to the Duty Manager. The Duty Manager discreetly informs the lady about the incident. He offers her a room move for her own protection and also changing her name in the system, if she wants. The Manager then introduces himself to the stalker and asks if he is being helped. This is also a form of exceptional guest service. The stalker realises he is noticed and hopefully he now gives up on his intentions and leaves.

There will be signs of weakness from the stalker that give him away. Since he is sexually driven he will show signs of nervousness. Possibly he will avoid eye contact, particularly if he is doing this for the first time. But it will be his question, ‘Is she travelling on her own?’ that is the clear warning sign.

Stalking is a very common security problem in hotels worldwide. Bad outcomes can be prevented when staff members use their skills in social engineering coupled with training in security awareness. They will be trained to follow through by informing management. Of course, they won’t inform management when they have not picked up on anything suspicious. The example I gave illustrates how the mechanisms between raising security awareness and taking action to protect the safety and privacy of guests need to work together. It works when everyone works hand in hand.

Editor’s Note: Nowadays, Security Awareness training is not expensive or hard to organize. Online Hotel Security Awareness Courses are the future trend because they are affordable and can be easily implemented anywhere in the world. By enrolling in the Online Hotel Security Awareness Course from eHotelier Academy your staff will learn how to protect your guests and themselves from criminals..

About the author
Stefan Vito HillerStefan Vito Hiller is the Founder & Managing Director of Sky Touch – Global Hotel Security Consulting. He has over 20 years international experience in the hotel industry, including five years specifically in security.

His hotel experience includes rooms division management, pre-opening, fire, health & safety, risk management & cost control. He has worked for leading hotel brands in Munich, Frankfurt, Bremen, Berlin, Cork, Edinburgh and Doha in the Middle East.

He graduated in 2002 as a Hotel Management Consultant at the Steigenberger Hotel Management School. He gained valuable experience as a Cost Controller at the Sheraton Hotel & Towers at Frankfurt Airport. He worked three years in Ireland, building on his experience as a former volunteer fire officer and becoming a qualified IOSH Health & Safety Officer. He effectively combined the field of Health & Safety with his Assistant Manager positions.

Stefan now consults to hotels to implement innovative and affordable strategies to raise their level of security to meet growing global demands.

 

Tags: Security, , stalking

,

Related Articles

Related Courses

You might also like:

Advertisements
Join over 60,000 industry leaders.

Receive daily leadership insights and stay ahead of the competition.

Leading solution providers: