In light of recent scams targeting hotel employees, particularly during vulnerable night shifts, it’s crucial to be aware and vigilant. Scammers have been known to impersonate corporate IT staff, hotel owners, and other official positions to gain access to hotel systems. Here’s how employees can protect themselves and their establishments from falling victim to these deceptive tactics.

Understand the Scam

Scammers typically call during the night, claiming to be from the hotel’s corporate office or IT department. They might mention a system update or the need to test equipment, like PIN pad systems, and ask employees to perform tasks that involve entering or moving money. They are often well-prepared, using correct terminology and may even drop names of known staff or recent events to appear legitimate.

Case Study: A Overnight Scam

A trusted and experienced night auditor, proficient with the Opera system, received a call around 6:30 AM from an individual claiming to be from the IHG IT department. The caller informed her of a scheduled system update for Opera, supposedly arranged by the hotel’s head engineer just a day earlier. Leveraging details like the recent malfunction of the pin pad system—which the engineer had indeed addressed—he created a believable scenario.

Execution of the Scam

The caller, exhibiting a southern accent and polite demeanor, instructed the auditor to assist in “testing” the system by processing transactions with virtual credit cards. He meticulously guided her through the Opera PMS, instructing her to enter specific amounts (-$2,345.67) into a new window for each transaction. These actions were linked to a reference number he provided.

Suspicious of the request but swayed by the caller’s detailed knowledge and the corroborative background story, the auditor proceeded. However, she wisely paused to verify the caller’s identity by asking for his name, title, and a direct contact number. She then placed him on hold to consult with the arriving Assistant General Manager (AGM).

Management Oversight

The AGM, aware of the recent technical issues with the pin pad system, initially perceived the call as legitimate. This perception led to a critical decision to continue with the transactions. The auditor was instructed to select guests who were checking out the next day, ensuring their accounts appeared unaffected. She completed several transactions across different terminals, supposedly to test the pin pad processing system, each involving significant amounts, totaling over $15,000 lost to this refund scam.

Aftermath and Realization

The transactions were settled to a $0.00 balance, which did not immediately raise alarms. It wasn’t until the general manager received calls about the suspicious activities that the full scope of the incident came to light. The auditor provided all documentation, including the prints of the folios and the scammer’s purported contact details. Regrettably, by then, it was too late to reverse the transactions.

Reflection

The scam was sophisticated, leveraging inside knowledge of the hotel’s systems and recent events. The use of a legitimate-looking LinkedIn profile added an additional layer of credibility to the scammer’s disguise. The entire experience left the staff shaken, particularly the night auditor, who was deeply affected by her inadvertent role in the scam.

This case serves as a stark reminder of the vulnerabilities present during less supervised hours and the importance of rigorous verification processes. It underscores the need for ongoing training and protocols to handle such situations, ensuring all employees are equipped to recognize and respond to potential scams.

Preventive Measures

1. Verify Caller Identity:
   1. If you question the legitimacy of a call, request the caller’s name and title. Instead of continuing the conversation or calling back on a number they provide, use your hotel’s official support line to confirm their identity by asking for them directly.
   2. Do not proceed with any requests until you’ve confirmed the caller’s identity through known and secure channels.
2. Know Your Systems and Policies:
   1. Be familiar with how your hotel’s systems work, including how remote sessions are started. For example, logging into a secure portal specific to your franchise.
   2. Understand that legitimate support will never ask you to process refunds or log into systems to enter sensitive information without proper verification.
3. Consult with Management:
   1. If in doubt, always refer the situation to a manager, especially during times when scams are more likely, such as the night shift.
   2. Implement a protocol where any unusual after-hours calls are to be deferred to higher management.
4. Educational Training:
   1. Regular training sessions should be held to educate all employees about the latest scams and reinforce the importance of security protocols.
   2. Share stories and scenarios of known scams to prepare employees for potential situations.
5. Communication is Key:
   1. Encourage open communication among staff about suspicious activities. If someone encounters a potential scam, they should feel comfortable alerting others.
   2. Keep all employees updated about any incidents, whether they were avoided or not, to ensure everyone learns from them.

Conclusion 

Scammers are cunning and adaptive, often using sophisticated methods to trick employees. By staying informed, verifying all requests, and adhering to strict security protocols, hotel employees can protect themselves and their workplaces from potential financial and reputational damage. Always remember, when it comes to unusual requests, especially during the night: when in doubt, check it out.