Scammers have posed themselves as Ritz hotel staff in a “compelling” way to steal the payment card information.
Ritz hotel is known as a “symbol of high society and luxury.” It is one of the world’s most prestigious and best-known hotels. The scammers pretending to be hotel staff phoned people who had already made a restaurant reservation at the Ritz. One woman who had already made an online reservation for afternoon tea at the Ritz as a part of a celebration received a call the day before her booking. The call was convincing as it came from the hotel’s real number, and the scammers knew precisely when and where her reservation was and asked her to confirm the booking by providing her payment card details.
According to BBC, the scammers told the women that her payment card has declined and asked her for a second bank card. The scammers tried to make several transactions above £1,000 at the catalogue retailer Argos using the card details collected. When her bank noticed the suspicious transactions, the scammers dialled again, pretending to be from her bank. He told the victim that somebody was trying to use her credit card and to cancel the transaction she must read out a security code sent to her mobile phone. Using this code, scammers would have authorised the transaction. Another woman, who made her original booking over the telephone, was also tricked similarly. Later on, she felt doubtful as the scammer could not answer her questions correctly regarding the hotel’s facilities.
It is still unclear how the scammers got the exact information about reserved customers.
“People tend to trust caller ID, which is perfectly understandable because in theory, it appears to authenticate the caller, ” said Dr Jessica Barker, co-founder of cyber-security company Cygenta.
The Ritz said that it had been made aware of the data breach within it’s “food and beverage reservation system” on August 12 and it is investigating how the scammers accessed user information. It is not revealed how many people were impacted and the extent of the security breach. “After a reservation has been made at the Ritz London, our team will never contact you by telephone to request credit card details to confirm your booking with us, ” warned Ritz emailed customers.
- Not to share your financial data or authorization code through phone or email.
- Contact your bank immediately if you receive such suspicious calls or messages.
- Bank will never call you for security codes to cancel the transaction.
- It is always safer to call back the company or bank yourself from a different phone using the number on their official websites or the back of your payment card.