Tag Archives: Theft

by | March 17, 2013 · 7:04 am

Hospitality Industry Cybercrime Risks: Hotel And Restaurant “Connected Point-Of-Sale (POS) Systems” Attacked By New Malware Called “Dexter”; Steals Credit Card Data And Transmits It “Encrypted” Back To Attacker

“…Just before the 2012 festive period, a new piece of malware surfaced and was found in hundreds of POS systems in hotels, restaurants, retailers and private parking providers. The malware was discovered by Israel-based security cybercrime in hotelsfirm Seculert: ‘Dexter’ (which comes from the string ‘BKDR_DEXTR.A’) is a data-theft tool used to target and attack POS systems. The program, which is Microsoft Windows-based, uses common techniques to search the memory of running processes to identify credit-card track data, but with the uniqueness of the attacker having full control…”

Connected point-of-sale (POS) systems – that’s the checkout to you and me – are the most recent targets of the cybercriminal, and a specially-crafted malware, dubbed Dexter, is further indication that now all kinds of connected devices may be vulnerable to attack.

Seculert CTO and co-founder Aviv Raff explains that while the company is as yet uncertain as to who is behind Dexter, the author is fluent in English: Dexter mainly targeted English-speaking countries. The malware was located in 40 different countries, but notably 42 per cent of POS systems targeted were in North America and 19 per cent UK-based. “Instead of going through the trouble of infecting tens of thousands of consumer PCs or physically installing a skimmer, an attacker can achieve the same results by targeting just a few POS systems with specially crafted malware,” Raff says.

The malware injects itself into the iexplore.exe file in Windows servers, through rewriting in the registry key. It then’ pinches sensitive credit-card data from the server, before transferring it through a remote command and control system. Windows-based POS systems are used increasingly in the industry, and according to Seculert’s findings, 51 per cent of targeted POS systems use the outdated Windows XP. The high percentage indicates Windows-based machines that process unencrypted track data are viable targets.

Microsoft Windows XP may be the ‘preferred’ choice for POS systems, especially among smaller retailers who feel that they cannot afford to upgrade, but with the operating system to be discontinued in 2014, the question is over what support will be offered for remaining XP users and if they will be able to handle the upgrade to Windows 7 or 8.

“Dexter only has three purposes in life,” says Trustwave’s security researcher Josh Grunzweig. “To always be running on the victims’ machine, to find any card, or track, data in any running program on the victim, and to communicate with the attacker who is controlling it.”

The latter is what makes the malware stand out and impresses Grunzweig. “I can’t remember the last time I saw a piece of malware that targeted POS systems that had a nice command and control structure to it,” adds Grunzweig.

He explains the hacker maintains control of the attack by using normal communication methods, but with the skill to hide what it was sending by encoding the data. This involved sending out a message to the attacker, by default, every five minutes and also checks the victim to see if there is any track data running every 60 seconds.

The magnetic strip on a credit card contains three tracks and the malware attempts to extract data from memory relating to tracks one and two, containing numeric or alphanumeric data that can be used to clone the card that was used in a transaction. If Dexter finds any of this track data, it alerts the attacker in the next message sent and the process is repeated. The attacker has the control to change the times and install additional malware or even remove Dexter altogether.

“The most unusual thing about Dexter is the small amount of public attention it has received,” says Trustwave’s Josh Grunzweig. “The issues that make POS-specific malware difficult to discuss in the industry also affects the ability of antivirus companies; without samples they are unable to provide detailed protections for specific threats.”

For more:  http://eandt.theiet.org/magazine/2013/03/turn-on-log-in-checkout.cfm

Comments Off on Hospitality Industry Cybercrime Risks: Hotel And Restaurant “Connected Point-Of-Sale (POS) Systems” Attacked By New Malware Called “Dexter”; Steals Credit Card Data And Transmits It “Encrypted” Back To Attacker

Filed under Claims, Guest Issues, Liability, Management And Ownership, Privacy, Risk Management, Technology, Theft

Tagged as , , , , , , ,

by | March 5, 2013 · 8:21 am

Hospitality Industry Theft Risks: Alabama Motel Clerk Arrested For Stealing 23 Guests’ Credit Card Information; No Background Check Because It Was “Too Expensive”

“…(the motel clerk) used his position to remove credit card information from 23 customers from the motel database and used 12 of the card numbers in a fraud scheme to steal cash from the business…the owner Hotel Credit Card Fraudadmitted that he did not do a background check prior to hiring this person…the background check was too expensive…”

Mobile police have arrested a man for credit card fraud and trafficking in stolen identities after they say he took credit card information from 23 motel customers. Police said Bryant Onell Niles, 28, worked as a desk clerk at the Baymont Inn Suites in Mobile, where the alleged crimes took place.

Police said he was found in possession of the 11 unused credit card numbers with names and expiration dates belonging to former customers of the motel. Mobile police said last year, Niles was working as a desk clerk at an unnamed hotel when he stole credit card information from a person who had stayed at the hotel.

Police said he used the guest’s information to book hotels for himself and his friends. That’s how authorities say they caught him.

For more:  http://www.fox10tv.com/dpp/news/local_news/mobile_county/mpd-hotel-clerk-stole-23-credit-card-numbers

Comments Off on Hospitality Industry Theft Risks: Alabama Motel Clerk Arrested For Stealing 23 Guests’ Credit Card Information; No Background Check Because It Was “Too Expensive”

Filed under Crime, Guest Issues, Insurance, Liability, Management And Ownership, Theft

Tagged as , , , , , ,

by | March 3, 2013 · 7:40 am

Hospitality Industry Payment Risks: Restaurants Can Utilize New “Smartphone Apps” To Reduce Credit Card Fraud, Increase Guest Satisfaction

“Tabbedout” is a new free app for smartphones. The credit card number is encrypted in the phone and tied to a tab…(the guest) can walk in, open (their) tab and show the phone to TabbedOut Merchant Payment Smartphone Applicationthe bartender (or waiter) and literally start ordering food and beer right away…when they feel like leaving the venue, press one button on (the) smartphone and leave…”

Crooks are constantly stealing credit card numbers. Often times it’s skimmers attached to credit card machines or some other crafty way to lift information. Now a new app may help reduce the chances of that and simplify the dining out experience.

Denver is a test market for a new service that makes paying a tab in a restaurant or a bar as simple as just one quick click. It’s a legal way of “dining and dashing.”

Who hasn’t been frustrated while waiting to pay a tab? And how safe is sending a credit card off with a waitperson? Now there are options. “Credit card fraud is the handing the cards back and forth. Someone will snap a picture of it and then steal your identity or take your credit card,” bartender Josh Finocchiaro said. “With this, it’s set up through your phone, so the card isn’t passed back and forth.”

Restaurants like the Ice House in LoDo like it because it means the wait staff can focus on serving good food and drinks without worrying about serving up a check at the end of a meal. Diners gain more control over their experience and there’s no waiting around to pay.

Tabbedout is now in 25 restaurants around Denver and some in the mountains as well.

For more:  http://denver.cbslocal.com/2013/03/02/tabbedout-app-helps-pay-restaurant-bill-avoid-credit-theft/

Comments Off on Hospitality Industry Payment Risks: Restaurants Can Utilize New “Smartphone Apps” To Reduce Credit Card Fraud, Increase Guest Satisfaction

Filed under Crime, Guest Issues, Labor Issues, Management And Ownership, Risk Management, Technology

Tagged as , , , , , ,

by | February 19, 2013 · 6:58 am

Hospitality Industry Crime Risks: New York Hotel Thieves “Smash Jewelry Cases” And Walk Out With Over $160,000 In Watches And Diamonds

“…the hotel lobby has 18 display cases…the suspects chose to smash the one filled with jewels from Jacob & Company, a designer favored by celebrities from Jay-Z to Jennifer Lopez to former New York Mayor Rudy Hotel CrimeGiuliani…(police) released images of the suspects from a surveillance camera late Sunday night, and confirmed that police are still looking for them. The men were last seen heading east on 57 Street after the heist…”

It was nearly 2 a.m. on Saturday when two men smashed a display case full of jewelry in the Four Seasons Hotel in midtown Manhattan. The men walked out of the hotel with two high-end wrist watches, a diamond chain and a pendant — together worth more than $160,000 — according to the New York Police Department. No one stopped them.

New York City hotels appear to be an easy target for criminals looking for a quick, and valuable, steal. Last year, a New Jersey man was sentenced to one-to-three years in prison for walking out of the Chambers Hotel in June 2011 with five paintings, each valued at $1,800, stuffed in a canvas tote bag. Two weeks later, the same man pilfered a $350,000 sketch by the highly regarded modern artist Fernand Leger from the Carlyle Hotel.

This is the first time a theft like this has occurred at The Four Seasons in its 20 years, according to Tiffani Cailor, a hotel spokeswoman.

“This is an unusual incident,” she said. “We are very concerned and upset over the theft.”

For more:  http://money.cnn.com/2013/02/18/news/jewelry-heist-four-seasons/

Comments Off on Hospitality Industry Crime Risks: New York Hotel Thieves “Smash Jewelry Cases” And Walk Out With Over $160,000 In Watches And Diamonds

Filed under Crime, Liability, Pool And Spa, Risk Management, Theft

Tagged as , , ,

by | January 26, 2013 · 7:57 am

Hospitality Industry Theft Risks: Pennsylvania Restaurant Manager Charged With Stealing Over $160,000; Made “Unauthorized ATM Withdrawals, Credit Card Purchases”

“…a certified public accountant’s review found that (he) made a string of unauthorized ATM withdrawals, unauthorized credit card purchases and unauthorized check card purchases totaling $163,601 from the employee theftbusiness accounts of Cosmopolitan…in addition to dinner cruises and visits to a strip club, (he) allegedly spent the money on household items at a retail store…”

A former general manager of Cosmopolitan in Allentown allegedly stole $163,601 from the restaurant and spent it on things like dinner cruises and visits to a strip club.

Cosmopolitan opened in October 2010. Fortunato was hired in September 2010 and promoted to general manager about a month later, District Attorney Jim Martin’s office said today in announcing the charges.

Fortunato’s responsibilities included overseeing the daily operations of the restaurant, handling employee payroll, paying bills to suppliers and collecting receipts for the business.

Fortunato also was given check-signing authority for the restaurant’s various bank accounts and ATM/debit card account at Wells Fargo Bank, a Visa card, an American Express account and access to cash receipts at the restaurant, Martin’s office said.

His responsibilities included using any of the accounts, but only for operations of the restaurant, according to the district attorney’s office.

Last June, Cosmopolitan co-owner Myron Haydt was reviewing the restaurant’s financial records and found a series of suspected unauthorized purchases by Fortunato, according to the statement.

For more: http://www.lehighvalleylive.com/allentown/index.ssf/2013/01/former_manager_of_allentowns_c.html

Comments Off on Hospitality Industry Theft Risks: Pennsylvania Restaurant Manager Charged With Stealing Over $160,000; Made “Unauthorized ATM Withdrawals, Credit Card Purchases”

Filed under Crime, Insurance, Labor Issues, Liability, Management And Ownership, Risk Management, Theft

Tagged as , , , , ,

by | January 5, 2013 · 7:45 am

Hospitality Industry Crime Risks: Washington Hotel Room Used By “Major Identity Theft And Forgery Ring”; Police Seize Laptops, Lamination Machine And Bags Of Stolen Mail

“These labs tend to be mobile…they go from hotel to hotel…the room contained a computer, two laptops, laminating paper, card stock, check stock and a hot laminator machine along with identification, checks and identity theftbags of mail that had been stolen. Also seized were more than 100 licenses and other IDs, roughly 20 hard drives and numerous other media storage devices, such as thumb drives and memory chips.

Police and U.S. Secret Service agents believe they have taken down a major identity theft and forgery ring involving at least a dozen suspects and more than 100 victims. The number of victims could grow as experts analyze computer hard drives and video surveillance footage from businesses where the suspects tried to get money. As of Friday evening, authorities estimated more than $45,000 had been stolen, but said that amount is likely to grow.

Evidence is being examined at the Secret Service’s Electronic Crimes Task Force lab in Seattle. Many of the victims — both individuals and businesses — are from Everett, but the center for the operation was traced to a hotel room in Shoreline.

That’s where police and the Secret Service found what amounted to a ID-theft factory Thursday.

For more:  http://heraldnet.com/article/20130105/NEWS01/701059947

Comments Off on Hospitality Industry Crime Risks: Washington Hotel Room Used By “Major Identity Theft And Forgery Ring”; Police Seize Laptops, Lamination Machine And Bags Of Stolen Mail

Filed under Crime, Guest Issues, Liability, Management And Ownership, Technology, Theft

Tagged as , , , , , ,

by | January 4, 2013 · 8:02 am

Hospitality Industry Theft Risks: Chicago Restaurant Guests Warned About Thieves Targeting Cell Phones

“…The thieves put a flyer on top of the customers’ cell phones. The men pick up the flyer and the cell phone as Cell Phone Theft (2)they leave. They know they can turn these cell phones over to a pawn shop and get a couple hundred bucks.”

Chicago police are warning people about a cell phone theft ring that is hitting downtown restaurants. Customers at restaurants on Michigan, Fairbanks, Wabash and Ontario have been robbed in the last four days.

Police say a group of young men approach diners to say that they are raising money for a basketball team. “I was eating by myself tonight and scrolling on the phone and didn’t even think that someone might come and swipe it,” diner Todd Ganz said.

The team of thieves is operating in three different areas, police say: in the 400-block of East Ontario, the 600-block of North Fairbanks, and in the Loop along Michigan Avenue and the 100-block of North Wabash.

For more:  http://abclocal.go.com/wls/story?section=news/local&id=8941275

Comments Off on Hospitality Industry Theft Risks: Chicago Restaurant Guests Warned About Thieves Targeting Cell Phones

Filed under Crime, Guest Issues, Risk Management, Theft

Tagged as , ,

by | December 28, 2012 · 6:50 am

Hospitality Industry Theft Risks: Wisconsin Hotel Manager Charged With Stealing More Than $28,000; Purchased Prepaid Credit And Gift Cards From Company Accounts

A police audit of credit card purchases made by Huff on her company account revealed $19,603 in prepaid Visa and other gift card purchases made at a local grocery store during a six-month period. Investigators also employee theftdiscovered checks Huff wrote for personal use as well as additional credit card purchases for a cellphone, a computer, auto insurance and auto repairs.

A Schofield woman charged with stealing more than $28,000 from two hotels she managed will be sentenced Jan. 10 after reaching a plea deal with prosecutors. Gretchen Huff, 32, was charged in March with embezzlement after investigators discovered thousands of dollars in unauthorized charges to her employer’s credit card for personal purchases. Huff is the former general manager of two Ghidorzi Co. hotels, the Country Inns and Suites in Schofield and the Fairfield Inn and Suites in Weston.

Managers at Ghidorzi Cos. became suspicious of Huff in January after discovering a one-week van rental in August 2011 for $1,029. Police say Huff paid for the rental with a business credit card issued in her name. Huff admitted renting the van to go on vacation with her children in Nebraska and offered to pay back the money. Further investigation by Ghidorzi officials uncovered additional unauthorized charges, including $2,000 for a used car and stereo equipment Huff said she purchased for a boyfriend in Chicago.

For more:  http://www.stevenspointjournal.com/article/20121228/SPJ0101/312280278/Sentencing-set-woman-charged-hotel-thefts?odyssey=mod|newswell|text|FRONTPAGE|s

Comments Off on Hospitality Industry Theft Risks: Wisconsin Hotel Manager Charged With Stealing More Than $28,000; Purchased Prepaid Credit And Gift Cards From Company Accounts

Filed under Crime, Insurance, Labor Issues, Liability, Management And Ownership, Theft

Tagged as , , , , ,

by | December 14, 2012 · 7:05 am

Hospitality Industry Security Risks: Hotel Electronic Door Locks In "Various Stages Of Being Repaired"; "Mechanical Caps And Security Screws" Provided To Block Hackers

In October, hotel insurance-related company Petra Risk Solutions issued its hotel clients an alert headlined, “Crime Alert – Onity Guestroom Door hackers are for real.”

Onity Electronic LockIn Florida, Petra loss prevention expert Todd Seiders said he received reports that a hacker had been seen carrying a laptop and using a key card – possibly connected to the laptop – to open locked guestroom doors.

The locks on more than 1 million guestroom doors are in various stages of being repaired, following the revelation this summer that they may be vulnerable to hackers.

The New York Marriott Marquis, the biggest hotel in Manhattan, for instance, just completed updating all of its nearly 2,000 door locks. The hotel is one of thousands of properties with guestroom locks manufactured by Onity, a division of United Technologies. An Onity website also shows Sheraton, Hyatt, Holiday Inn, Fairmont, Radisson and other well-known hotels from Paris to Perth as also having its locks updated.

The hacking tool, according to Petra’s alert, could be made for about $50 in easy-to-acquire electronic parts.

“Please train and notify your hotel staff that these burglaries are spreading across the country,” Petra’s alert cautioned hoteliers. “Hotel staff should be vigilant while they are on the guest floors and paying attention to guests walking through hallways…Take time to watch guests walking through your hallways to ensure they are going to a room and entering it. Be very suspicious of someone carrying a laptop or small bag wandering the hallways. Greet guests and ask them if they need assistance.”

Onity did not immediately return an e-mail seeking comment about the issue. But in a statement updated for December on its website, Onity says that as of Nov. 30, it has shipped hardware to fix 1.4 million hotel door locks. The hardware includes mechanical caps and security screws that “block physical access to the lock ports that hackers use to illegally break into hotel rooms.”

For more:  http://www.usatoday.com/story/hotelcheckin/2012/12/14/hotels-fixing-flaw-that-made-room-locks-vulnerable-to-hackers/1769081/

Comments Off on Hospitality Industry Security Risks: Hotel Electronic Door Locks In "Various Stages Of Being Repaired"; "Mechanical Caps And Security Screws" Provided To Block Hackers

Filed under Crime, Guest Issues, Liability, Maintenance, Management And Ownership, Risk Management, Technology, Theft

Tagged as , , , , , , , , ,

by | November 17, 2012 · 7:18 am

Hospitality Industry Theft Risks: Hawaii Hotel Store Shoplifter Steals $2,000 Worth Of Merchandise; Surveillance Cameras Record Theft

A shoplifter brazenly stole more than $2,000 worth of merchandise from a small clothing and jewelry shop in a Waikiki hotel. The whole theft was recorded on surveillance cameras, and the video has been posted online in an effort to nab the suspect.

[youtube=http://www.youtube.com/watch?v=L7CoKibjaDo&feature=youtu.be]

The theft happened Nov. 5 at the Angels By The Sea store at the Waikiki Beach Marriott Hotel. The surveillance video clearly shows a woman looking through some of the clothing. She then removes the clothing from its hanger, rolls it up, and casually puts it in a large bag.

The store’s owner said the woman told the sales clerk a story. According to store owner and designer Nina Thai, the woman claimed to be a jewelry designer from Kauai. “‘I make a lot of jewelry, so I want to have time to take a look so leave me alone,'” Thai said the woman told the clerk.

The store usually has two or three clerks on duty, but Thai said the store was short-handed that day, and only had one clerk at the time. And when that lone clerk was busy with a customer, the shoplifter helped herself to the jewelry.

The store’s management said they discovered the theft because the shoplifter had moved a lot of the jewelry from their usual places. “Because we stay in here more than at home,” said Thai. “So we remember every single item.”

And then they saw the surveillance video, and watched as the woman took earrings, necklaces, pendants, leggings and tops. The haul was the by far the biggest theft in the store’s three-year history.

For more:  http://www.hawaiinewsnow.com/story/20124145/shoplifter-ignores-surveillance-cams-video-now-on-youtube

Comments Off on Hospitality Industry Theft Risks: Hawaii Hotel Store Shoplifter Steals $2,000 Worth Of Merchandise; Surveillance Cameras Record Theft

Filed under Crime, Insurance, Maintenance, Management And Ownership, Technology, Theft

Tagged as , , , , ,