A cyber threat group is now using artificial intelligence (AI) to target hotels to gain access to guests’ payment information, global cybersecurity firm Kaspersky has warned.

“Сybercriminals are increasingly using AI to create new tools and make their attacks more effective. This means that even familiar schemes, like phishing emails, are becoming harder to spot for a common user. For hotel guests, this translates into higher risks of card and personal data theft, even when you trust well-known hotels,” Lisandro Ubiedo, an expert at Kaspersky’s Global Research and Analysis Team says.

The threat actor sends phishing emails directly to hotel staff, often disguised as requests for reservation or job applications. Once a hotel employee interacts with the emails, malware called VenomRAT is installed on the hotel’s systems, giving attackers access to guests’ payment data and other sensitive information. The emails often look convincing, coming from legitimate-looking websites.  

Among Kaspersky’s recommendations include exercising caution when opening unexpected files, and fine tuning antics-spam settings to ward off customised phishing emails.