Ritz Roasted

Written by Pronetic

Pronetic is a leading provider of core IT support for ISO 27001, Cyber Essentials and Cyber Essentials Plus compliance.

August 20, 2020

Some diners with bookings at the Ritz Hotel were reportedly targeted by phone scammers who posed as hotel staff to steal credit card details.

What Happened?

The ID spoofing attack involved the fraudsters pretending to be hotel staff, phoning people who already had a dining reservation at the Ritz and asking them to confirm their credit card details, or saying that their card had been declined and asking for a second bank card.

It has been reported that the telephone calls from the scammers were made to appear to come from the Ritz telephone number and that the scammers knew the correct booking details of diners.

It remains unknown exactly how the scammers obtained the details. The Ritz reported the incident and possible data breach to the Information Commissioner’s Office (ICO).

Tried To Spend At Argos

It has been reported that the scammers used the details stolen from a Ritz diner’s card to attempt to buy over £1,000 of goods at the catalogue retailer Argos. When the victim’s bank noticed the transaction, the scammers phoned the victim, pretending to be the bank, and asked for a security code that had been sent to her mobile phone, saying that it would enable the cancellation of the Argos transaction. In fact, the code would have enabled the authorisation of the transaction and the subsequent theft.

The Ritz

The Ritz has reported that the scam took place on 12 August and has emphasised that its team would never contact diners with reservations by telephone to request credit card details to confirm a booking.

Protection

ID scams and social engineering attacks are becoming more popular, but there are measures that can be taken to avoid being scammed in this way. Assume that businesses such as restaurants, and certainly banks, will not call to confirm payment details or request authorisation codes. If such a call is received, don’t give any information, end the call, and call the company back on a number that you have obtained yourself: the official number on any official bills or statements, the number on the back of your payment card (for the bank), or the company’s main, official number. Report the call to the company, Action Fraud and the ICO.

What Does This Mean For Your Business?

In this case, the victims were influenced by the apparent legitimacy of the calls due to the correct details of their booking, the same/similar phone number, the convincing nature of the caller, and perhaps the fact that dining at the Ritz is not a regular occurrence and, therefore, booking processes are unfamiliar. The scammers also had the benefit of the influence of the brand and the need of victims to avoid the discomfort of embarrassment after being told their card had been declined.

This story shows how scammers can quickly, ruthlessly and effectively exploit and leverage a data breach, and is a lesson to customers to always be suspicious of calls from companies about payment details, and to businesses to give data protection a high priority, even with fluid systems that are in regular daily use. This story illustrates how data breaches can damage brands through bad publicity and a potential loss of customer confidence.
