Social engineering hackers call hotels and then send email attachments. These email attachments might look like customer information but they are not.
These attackers target hotels and restaurant chains. It all starts with a phone call. Cyber criminals call a business, talk to its customer service staff and convince them to open malicious email attachments, which install malware.
The malware is designed mainly to steal customers’ credit card information. The attackers have been dubbed the Carbanak gang, which was blamed last year for stealing as much as $1 billion from various banks.
Security firm Trustwave said last Monday that three of its clients had, within a span of one month, encountered malware built with coding similar to that found in Carbanak attacks.
The hackers start by calling a business’s customer service line and pretending to be clients who can’t access the online reservation system.
The hackers then email the customer service agent a Word document supposedly containing their reservation information. However, the document is engineered to download malware to the computer.
Their persistence and patience in waiting for the representative to open the file are impeccable, and their English communication skills are considered excellent.
They are very convincing. They have gone the extra mile to research the target business. Social engineering skills are applied to find out the names of important people inside the company in order to establish rapport and credibility.
Once the customer service representative opens the attachment, code is downloaded to the computer and tampers with the way the network operates.
The main aim is to record credit card information from point-of-sale machines or e-commerce payment computers.
This has been going on for years. Retailers, restaurants and hotels have been hit with similar attacks and some have been breached badly.
Some malware is capable of taking screenshots of the desktop, logging keystrokes, passwords and other sensitive information, and scanning for valuable targets.
A lot of antivirus scanners fail to detect this malware. Law enforcement agencies are also having the same issues dealing with it.
The attackers' main concern is to get into the system, find what they want and steal that information. While doing that, they try to be as stealthy as possible so they can stay in the system and avoid detection.
Imagine a large restaurant chain: if it gets compromised, how many million credit cards would the attackers be able to gather over an extended period of time?