Cybercrime Concierge: Spyware Steals Hotel Guests’ Credit Card Numbers

The next time you check in to a hotel, a cybercriminal could be checking you out.

The danger doesn’t come from the concierge, or the bellhop, or the guests milling around the lobby — instead, it lurks somewhere far off, where a clever crook is looking at a screenshot of all your personal information, credit card included, he has captured right from the hotel’s check-in computer.

For sale in in underground forums, the cybercrime weapon that makes this theft possible is a remote access Trojan that infects point-of-sale terminals linked to hotels’ front desk computers, according to Amit Klein from the security firm Trusteer. After it infects the computers, the Trojan captures screenshots from the point-of-sale application used on the computer, providing the crook with your name, address, email address and, most importantly, your full credit card number and expiration date.

[Why Your ATM PIN Needs to be Changed]

The particular attack package Trusteer spotted sold for $280, and came with setup instructions and tips on how to use social engineering tactics, “via VoIP software to trick front desk managers into installing the Trojan.” Even worse is that anti-virus software, Klein said, does not detect the credit-card-swiping spyware.

Why are attackers focusing their efforts on the hospitality industry? The same reason they choose any and every target: money.

“Cybercriminals are increasingly expanding the focus of their attacks from online banking targets to enterprises,” Klein wrote. “One of the reasons for this shift is that enterprise devices can yield high value digital assets when compromised.”

If there’s a silver lining to this spyware scare, it’s that, for now, the attack module Trusteer detected is unable to siphon hotel guests’ credit card verification value (CVV2), the security code, often located on the back of credit cards, used when completing transactions.

While this credit card scam seems nearly impossible to detect and prevent, you can keep your finances, and identity, in check by routinely monitoring your bank balances, and reporting any suspicious or unauthorized transactions to your bank immediately.

LEAVE A REPLY
Name*
Email* (will not be published)
Website
*Indicates required field
Comments*
Submit Comments

FIND A REVIEW
Laptops
All Product Types Accessories Cars Digital Camcorders Digital Cameras eReaders GPS Laptops MP3 & Video Players Projectors Smartphones Software Storage Tablets / MIDs VoIP Wi-Fi
All Subcategories
All Subcategories All-Purpose Budget Business Desktop Replacement Gaming Multimedia Netbook Nettop Rugged Student Tablet PCs Ultraportable
Brand
Acer Alienware Apple Archos ASUS Averatec BenQ CTL Corp. Dell Digital Storm eMachines Emtec Everex Fujitsu GammaTech Gateway General Dynamics Getac Gigabyte Hercules HP HTC iBuyPower Intel Lenovo MSI Nokia Nvidia OCZ OLPC OQO Origin Panasonic Sager Samsung Sony Sylvania Systemax TabletKiosk Toshiba Verizon Viewsonic Viliv VooDoo Workhorse PC ZT Systems
Minimum Rating
Any Rating 4.5 Stars 4.0 Stars 3.5 Stars 3.0 Stars
Screen Size
10 11 12 13 14 15 16 17 18 20 4 5 6 7 8 9
Resolution
1024x576 1024x600 1024x768 1200X800 1280 x 720 1280x1024 1280x768 1280x800 1366x678 1366x768 1440x1050 1440x900 1600x768 1600x900 1680x1050 1680x945 1920x1080 1920x1200 800x400 800x480
Weight Range
10.1 - 12.0 pounds 12.1 - 14.0 pounds 14.1 - 16.0 pounds 2 lbs 2 pounds and under 2+ lbs 2.1 - 4.0 pounds 4.1 - 6.0 pounds 6.1 - 8.0 pounds 8.1 - 10.0 pounds Over 16 pounds Under 2 pounds
more options
SUBSCRIBE