We were tasked recently to investigate a suspicion of fraudulent activity carried out by employees at a hotel. The client has several businesses and relies on their employees to manage the hotel.
The fraudulent activity proved to be extensive, involving several scams carried out by three employees. One online payment scam saw customers attempt to pay online or by phone, only for their payment to be declined. Once declined, the employees would inform the customer by email/phone that there was an issue with the card-machine and ask them to bring cash; the employees would then keep the cash and alter the books to indicate rooms were empty.
We also found evidence that the employees were ‘making deals’ with guests by adding discounts to the rooms and working with other fraudsters in similar hotels in the area, to trick customers into believing their rooms were double booked or unavailable, only to recommend their counterpart with the advisory that they “only took cash”. The investigation also found a notebook containing dozens of individuals’ credit card details, including name, long number, exp-date and CVV – with many also including the home address of the customer.
An additional complication was that the email account being used was shared and rarely logged out of; therefore, it was difficult to attribute individual emails to a specific employee, as they all had access and were not signing off emails with their name (instead, they used the hotel name). However, the verbiage used in the emails was very similar (almost templated) in all emails indicating the three employees were likely complicit in the activity. As part of the investigation, we were going to look for additional evidence on the machine; however, before our team arrived, the device had been wiped, most likely by one of the three employees. In addition there was no CCTV covering the reception area.
Following our investigation, we were able to set out a strategy for the client that made the business much more secure. Much of this was tightening up the basics – the client told us that they, as many of us would, have asked themselves “how did I let this happen?”
To avoid these breaches, we advise starting with a simple checklist to make sure the fundamentals are solid, ensure proper oversight of employees is in place, conduct background checks on employees and have routine procedures in places to oversee all activity.
The client has now rectified all issues identified and is far more proactive with security following this incident, which resulted in thousands of pounds being filtered off by unscrupulous individuals. The incident was reported to the police, including the list of customer card details.