Last night I was awakened from my hotel bed in what, I believe, is the newest and scariest phishing attempt to date. For the uninformed, phishing refers to efforts to steal one’s personal—especially financial—information. In other words, identity theft.
At 2:54 a.m. the phone by my bed startled me out of a very sound sleep. The polite young man, identifying himself as Jason, asked if this was room 203. When I said it was, he apologized for calling at such an hour, then launched into a convoluted story about how the hotel’s internet had gone down, how the computer technician they had called had fixed it, but in doing so had eradicated the hotel’s database. Again, he apologized for calling but the manager, he said, had asked him to phone each room and manually restore each guest’s information.
As muddled as I was, something didn’t feel right, and besides, I wasn’t about to go searching for my wallet in the dark. When I told him I would provide the information in person, in the morning, after I was dressed, he shouted, “F*** Y**!”
Needless to say, I was too angry to get back to sleep and lay churning all night. I knew exactly what I was going to say to the hotel manager and by dawn had composed in my head the letter I was going to write to the parent corporation. It was only when I stormed into the lobby this morning, that I had any clue what had actually transpired.
“What was last night about?” I demanded.
Mr. Patel looked at me blankly. “What do you mean?”
I related to him what I just told you, to which he replied, “No one phoned. I am the only one here and I was asleep.”
I continued to press, running repeatedly into Mr. Patel’s obviously guileless denials. “No one phoned. Maybe another guest,” he said, offering a feeble smile and looking as confused as I was becoming. Then, upon reflection, he reconsidered. “But they would have had to call here.” He gestured at the desk. “And I would have had to transfer the call. Nobody phoned. I was asleep.”
He was right. Nobody could have phoned. But somebody did. Someone had hacked into the hotel’s telephone system and reached right into my room. Who knows how many others he called? I suspect everyone. How many of these, their minds clouded with sleep, had surrendered to this nameless, faceless stranger their name, mailing address and credit card number, along with its expiration date and the three digit CVC code on the back? It was the perfect time to call. Now I am wondering how many guests at how many other hotels are going to fall prey to this very sophisticated scam. I am certain it won’t end with me.