Since 2023, the hospitality industry has experienced a surge in social engineering campaigns targeting online travel agencies (OTAs) and customer relationship management (CRM) platforms. These attacks range from account takeovers and customer fraud to the deployment of info-stealers, often utilizing fraudulent domains that mimic OTA and CRM brands.
In this panel, we will explore these fraudulent activities from both the hotels' and the OTAs' perspectives, delving into their investigative approaches, the challenges they faced, and the mitigations that have proven effective in slowing down these attacks. We will also share key lessons learned and emphasize the importance of collaboration through the RH-ISAC to combat these threats. Despite ongoing efforts, the perpetrators show no signs of slowing down, highlighting the need for continued vigilance and cooperation.