
Vishing At The Ritz: There’s A New Type Of Cybercrime In Town

Nastel Technologies®
October 13, 2020

Cybercrime – There’s another clever fraud tactic to add to your library of security threats. Imagine a call or voice message that appears to come from a trusted source but is really a disguised attempt to compromise your identity, credentials or financial information. More of a social engineering scheme than a vulnerability, “vishing” is a highly effective and targeted form of phishing that uses voice as a means to lure victims into disclosing private information.

A recent data breach at the Ritz in London that evolved into vishing attacks on hotel guests demonstrates how conniving cybercriminals have become in this social engineering scam. The prominence of the Ritz attack, among other high-profile events, indicates that the phishing attack landscape has grown as remote working has taken hold of company environments. At $3000 a night, the Ritz customers fit a certain socio-economic profile; hence, the voice messages were highly targeted and well-choreographed. The attackers went after business clientele for credit card details and information, impersonating the Ritz. According to Digital Trends, one target was convinced by the ruse because the incoming phone number was spoofed to appear as the hotel’s actual number.

Hotels are a perfect target for cyberattacks. Not only are there many vulnerabilities that come with managing hundreds of new customers each day, but hotels have access to a massive amount of customer personal data. In the Ritz case, the vishing attack was so effective because hotels don’t train customers about what calls to expect regarding their patronage in the normal course of business.

Beyond Email: The Hacker Game Has Changed

Users have gotten reasonably good at spotting scam emails, and popular email systems help detect these attempts. However, email is not the only game in town. Scammers now exploit social media networks, online file-sharing systems, messaging platforms and applications, and phone systems. Compared to email, these channels of opportunity are highly personalized and focused on sharing.

Scammers also leverage sophisticated and ready-to-launch phishing kits, including social, voice, email and enterprise channels. With a bit of time and dedication, an attacker can choose the target(s) of choice, mimicking login portals, official company pages and web pages. The threat condition here is now a scaled, repeatable and convincing operation. Armed with any available ill-gotten or publicly sourced data, the results can be disastrous.

Vishing Exploits Trust

You might recognize the low-level, even common criminal vishing attacks that consist of phony tech support staff, purporting to be from Microsoft or Apple. In other well-known case types, scammers impersonate the Internal Revenue Service (IRS) or the local utility company under the threat of disconnection, severe penalties and, in some cases, jail. Although the label of vishing may be relatively new for most individuals, the tactic is familiar.

At an estimated yearly global loss approaching $50 billion, vishing and the sort of fraud that scammers leverage against the unsuspecting public is unacceptable. When launched against a company, the impact could be devastating in compromising:

  • Data integrity
  • Privileged and competitive data
  • Financial payments
  • Account integrity

Riding on the coattails of the first attacks, vishing hackers mount a nefarious second wave perfectly timed to hit victims where it already hurts.

Motivation and Human Opportunity

Phishing, vishing and various other forms of cyberattack continue to be driven by financial motivations. Data is valuable, trust is valuable and a converted target can pay dividends. To those ends, cybercriminals have developed increasingly sophisticated attacks, exploiting vulnerabilities and loopholes in technology, validations and even flaws in how HTML is exchanged.

Cybercrime threats are here to stay, and the situation appears to be getting worse as we let our guards down due to distractions related to the pandemic. The bottom line is that humans are vulnerable and gullible, and these attacks continue to work.

The Pandemic Effects

As many industries and workers took a hit during the pandemic, cyber threat actors thrived on the many opportunities that followed the shift to remote work. The lines between work and home are now blurred in many cases, and in some circumstances corporate devices became personal tools and vice versa.

Corporate applications now run on home networks. Video and dial-in conferencing are everywhere. A precarious security gap exists between what a company expects is happening in a data stream versus what is actually happening. Video games, shopping, streaming and mobile banking are all attack vectors and opportunities for cybercrime. These circumstances highlight the immediate need for heightened corporate cybersecurity and data protection practices, especially as opportunities to breach across audiences increase.

This article originally appeared on To read the full article and see the images, click here.

Nastel Technologies helps companies achieve flawless delivery of digital services powered by middleware. Nastel delivers Middleware Management, Monitoring, Tracking and Analytics to detect anomalies, accelerate decisions, and enable customers to constantly innovate. To answer business-centric questions and provide actionable guidance for decision-makers, Nastel’s Navigator X fuses:

  • Advanced predictive anomaly detection, Bayesian Classification and other machine learning algorithms
  • Raw information handling and analytics speed
  • End-to-end business transaction tracking that spans technologies, tiers, and organizations
  • Intuitive, easy-to-use data visualizations and dashboards

Nastel Technologies is the global leader in Integration Infrastructure Management (i2M). It helps companies achieve flawless delivery of digital services powered by integration infrastructure by delivering tools for Middleware Management, Monitoring, Tracking, and Analytics to detect anomalies, accelerate decisions, and enable customers to constantly innovate, to answer business-centric questions, and provide actionable guidance for decision-makers. It is particularly focused on IBM MQ, Apache Kafka, Solace, TIBCO EMS, ACE/IIB and also supports RabbitMQ, ActiveMQ, Blockchain, IOT, DataPower, MFT, IBM Cloud Pak for Integration and many more.

