Employee narrowly avoids scam which would have cost hotel $130,000, officials say

A hacker is accused of nearly swindling a Waikiki hotel out of more than $130,000 ― and police say it all started with a phone call.
Published: Aug. 28, 2022 at 5:10 PM MDT
Email This Link
Share on Pinterest
Share on LinkedIn

HONOLULU (HawaiiNewsNow/Gray News) – A hacker is accused of nearly swindling a hotel out of more than $130,000, according to police.

They said the attempted scam started with a phone call.

Hawaii police said the alleged scammer called Kaimana Beach Hotel about 10:30 p.m. Friday. When a front desk employee answered, the scammer said he was with the hotel’s IT company.

HawaiiNewsNow reports the worker was alone at the front desk.

The scammer reportedly told the employee he needed to perform maintenance on the hotel’s computer system and convinced the employee to give him remote access.

The worker then said they noticed multiple credit card transactions had been made attempting to transfer more than $130,000 out of the hotel’s account.

Despite this type of scam being common, retired FBI special agent Tom Simon said this particular case stands out.

“The dollar amount is pretty staggering,” he said.

Simon said the scheme is known as pretexting, which is where a scammer will use an invented scenario to trick the victim into divulging sensitive information. In this case, the scammer wanted access to the computer system.

“It’s important for the hackers to create a sense of urgency so the victims feel pressure to act immediately without looping their bosses in,” Simon said. “And I think that’s what went wrong this time.”

The worker cut the scammer’s access immediately after realizing something was wrong.

In a statement, a hotel spokesperson confirmed it was able to stop the transactions, saying, “No funds were lost.”

“I can’t stress enough how important training is to make sure all the frontline employees of a company know they should never give sensitive information out no matter how much pressure the person on the phone is putting on you,” Simon said.

As for catching these types of criminals, Simon said law enforcement has two options.

“One is the IP address, or digital fingerprint, that they left behind when they accessed the system,” he said. “And the other is my expertise, and that’s following the money to see who benefits economically from this threat.”

Meanwhile, the investigation continues. Hawaii police said there have been no arrests.