12 Ways Criminals Obtain Sensitive Information

  |   fraud, hospitality industry, pci compliance, security, Sertifi

Always be on the lookout for suspicious behaviors and criminal activity.


Do you know what to look for when it comes to criminal activities? Criminals have a variety of techniques at their disposal to get past your defenses and steal your data. It’s important to be aware of these tricks so you can better protect yourself and your customers.


Customer data security and privacy should be the primary focus for every hotel – no matter the size. With the continually evolving landscape of security and technology, hotels need to adapt if they want to remain in business and maintain a strong reputation in their customers’ eyes. There will always be people out there who want to steal data, and they’re becoming more adept, so it’s everyone’s responsibility at your hotel to be educated and vigilant of the risks.


Here are 12 methods by which criminals can obtain sensitive information: 


1. Tailgating:

Be vigilant of anyone following an authorized person into a secure area without permission or the appropriate credentials. This applies to both hotel staff and guests. Consider installing video cameras outside secure rooms to ensure that only authorized people are accessing that area.


2. Mousejack Attack:

Be mindful of individuals who linger near computers suspiciously. Also pay attention to individuals who linger in general! It’s now possible to hack computers using wireless devices if you’re within 100 yards of the system.


3. Dumpster Diving:

There are people who willingly wade through trash to acquire credit card information, so be cognizant of what you’re discarding. If you do store credit card information onsite, then be sure to use a shredder before disposing of that information.  


4. Baiting:


Unfortunately, hackers don’t need sophisticated plans to acquire credit card information. They can cause damage with just a thumb drive. If you find a random thumb drive and decide to plug it in your computer, you could potentially install malware onto your system. Always be wary of “orphan” thumb drives. When in doubt, either discard the drive or give it to your IT team. 




5. Pretexting:

With this technique, hackers use PII to request sensitive information. All it takes is one small piece of data for a hacker to extract additional information from hotel staff and piece together a person’s identity. 


6. Spoofing:

With this technique, hackers can mimic an IP address to access personal information.


7. Phishing:

Phishing is one of the more common forms of attack and consists of hackers sending emails that appear legitimate in an attempt to steal personal information. Always be cautious of emails that contain blatant spelling or grammatical errors and look closely at the sender’s email address. Finally, never click on any links within an email that cannot be verified.


8. Vishing: 


Similar to phishing, vishing involves a hacker calling a hotel and posing as a legitimate organization.

The hacker then attempts to obtain personal information from hotel staff.






9. Juice Jacking: 

Hackers use this technique to steal personal information from smart phones at public charging stations. 


10. Social Engineering: 

This technique involves persuading hoteliers to reveal information that can help hackers to steal PII. 


11. Malware:

This method consists of intrusive software that allows access to an unauthorized computer or network


12. Piggybacking:

This technique involves a hacker convincing authorized personnel to provide access to a secure area.


Criminals are becoming increasingly more skilled at assessing your weaknesses and gaining access to your information. Going forward, you’ll want to make sure you have a proactive defense plan in place. All employees should be educated on what behaviors to look for as well as what actions to take if they encounter a potential criminal.


It takes a combination of technology, awareness programs and services to stay ahead of the hackers and to ensure that customers feel confident their personal information is safe and secure. 


To better defend your hotel from cybercriminals and hackers, you’ll want to check that you’re PCI compliant and that your validation is up to date. We’ve partnered with our friends at VENZA to bring you a helpful guide that highlights PCI guidelines, how you can help protect your hotel from data breaches, and what it means to take a security first approach.


Up Next: Read the 5 Data Security Trends & Insights for 2020

About the Author 

As the Content Marketing Specialist at Sertifi, Kelli loves writing and the power of words to tell stories. She assists the team with content creation and occasionally dabbles in design. Outside the office, you can find her reading, traveling (mostly to Michigan), and buying too much stuff on Amazon.