It is the summer of scammers.
Event owners are finding themselves in the unenviable position of having to send out urgent emails and text messages to athletes and families, advising them to make room reservations only through the official host hotel, or only through the event’s tournament housing service – and to ignore false emails, advising them to “make your reservations now using this link.”
This is because, as it turns out, the emails participants are receiving have not been sent by the event owner, but instead by scammers, and have the goal of harvesting credit card data to be sold on the dark web. It is a problem that has been around for a long time – because it works.
Generally speaking, such emails have a tone of urgency, telling registrants the host hotel is sold out but that rooms are available in another property, and can be reserved using the link shown. On other occasions, the email may tell registrants the hotel’s (or the housing service’s) data has been compromised and that they need to re-enter everything in order to confirm.
The Professional Convention Management Association (PCMA) addressed the issue of what have variously become known as room poachers, room pirates, room skimmers, hotel phishers and room scammers, noting the actions tend to follow a specific pattern: “The bad guys will squat on a URL that looks like it’s the hotel’s URL, with an address such as nationalreservationcenter.com/hotelbeachinn.
In most cases, the address includes the actual name of the hotel and clicking on it will take users to a website that looks like the hotel’s website. It’ll have pictures, it’ll have a map, it’ll have a “call now” button. If you click on that “call now” button, the people pick up at the call center, using a greeting like, “National Reservation Center” And you’ll be giving your credit card number over to a third party. People may even get a confirmation email that makes it look like it came from that hotel.”
But no reservations are being made, or even confirmed. Instead, credit card information, along with the identity information, is being gathered and sold. And it’s big business.
Several years back, Maryam Cope, president of government affairs for the American Hotel & Lodging Association (AH&LA), told PCMA, “In the latest poll that we just had, there were 55 million bad bookings a year, translating to some $3.9 billion in bad bookings [in the United States]. Just to give you some more detail on those numbers, when I started at AH&LA three years ago, we did an independent consumer poll, and at that time, it was about 6 percent of consumers [who reported being the victim of an online hotel- booking scam]. That poll was redone in February [2017], and it’s now 20 percent of consumers who report that this has happened.”
And says Cope, the travel housing industry seems to be particularly vulnerable to this.
“If this were the airline industry, this would not be stood for. If somebody were pretending to be Delta, all hell would break loose. But for whatever reason, I think it’s underreported, because people are either paying twice for a room or the hotel is comping them a room, so they don’t go think about it to complain.”
According to the Industry Events Council, the statistics can’t be measured just in lost income, either:
- 78 percent of respondents said they have had to take valuable time away from their event planning and spend it responding to the problems being caused by room poachers
- 40 percent said their brand had suffered damage as a result of the problems scammers caused
- 21 percent said they had to deal with unexpected attrition damages because of scammers
- 10 percent had attendees who could trace ongoing credit card fraud and identity theft back to room block poaching
- 8 percent of event owners said they had incurred legal fees trying to deal with the problem.
What are some steps that owners can take to fight back, or missteps they can avoid? A few tips:
- A whopping 49 percent of all poachers have accessed the names of participants, teams, exhibitors and others by looking at lists on the event website (or on the mobile app for the event), said the Industry Events Council. While the list is a nice promo for the event, the risk may not be worth it. MeetingMax notes that for events if an attendee list is needed, require users who want to access it to create an online account and to “use password protected lists to ensure only those with the correct password can view it. Another option is to include false names of internal employees to fish out poachers.” (Policing the list of those with online accounts is another step that can be taken.)
- On all correspondence, as well as on emails, note your policies to attendees: The host hotel is X/the tournament housing service is Y – and that neither of those entities will send out unsolicited emails to attendees. Post direct links to the official hotel or the official tournament housing service and remind attendees that they alone are responsible for making their plans. (And because there are hackers, check your links regularly to make sure they have not been redirected.)
- Only authorized persons should be responsible for obtaining hotel room block pick-up lists; ascertain that your hotel and/or your tournament housing company is aware of this.
- Advise attendees that if they receive an unsolicited email about their housing, they should bring it to your attention (without clicking on any links or replying to the sender).
- MeetingMax adds that if you are made aware of a phishing scam, “Consult legal counsel. If poachers are using the event logo or trademarked name, they are in violation of intellectual property law. Most cease-and-desist letters will get them to back down.”
Vigilance should extend to post-event communications; according to MyWestman, one scam involves an email with an attachment that appears to be a hotel receipt in PDF format but is actually malware that will scan a device and collect sensitive information.
While it is impossible to put all scammers out of business, raising awareness is the key to keeping event attendees (and their data) safe.
About the Author
