Phishing schemes are getting smarter with artificial intelligence, forcing hoteliers to rethink guest data security
Sep 25, 2025
Cybersecurity experts at Kaspersky are sounding the alarm: hotels are once again in the crosshairs of cybercriminals. Between June and August 2025, Kaspersky’s Global Research and Analysis Team (GReAT) uncovered a fresh wave of attacks from RevengeHotels, a group active since 2015. The difference this time? They’re using artificial intelligence to supercharge their methods.
For hoteliers, this raises the stakes. Even when your property looks secure and processes seem airtight, AI-driven phishing campaigns are making it easier for attackers to slip past defenses and steal guest data.
How the attacks work
The group typically targets hotel staff directly. Phishing emails arrive looking like ordinary booking requests or even job applications. They appear credible, with realistic details and links to what look like genuine websites. Once an unsuspecting employee clicks, malware such as VenomRAT is installed, giving attackers direct access to reservation systems, guest payment details, and other sensitive information.
In the past, these attacks concentrated on hotels in Brazil, but the latest campaigns show signs of spreading. Hotels in Africa and other global markets are now exposed, and destinations like South Africa, Kenya, and Nigeria — major hubs for both leisure and business travel — could become prime targets.
What makes this wave different
Kaspersky’s analysis shows much of the malicious code is generated with AI. That means the phishing emails and malware look more polished, are harder to distinguish from legitimate correspondence, and adapt more quickly than traditional attacks. In other words, what worked as staff training or filtering last year may no longer be enough today.
Lisandro Ubiedo, a Kaspersky expert, explains: “Cybercriminals are increasingly using AI to create new tools and make their attacks more effective. This means that even familiar schemes, like phishing emails, are becoming harder to spot. For hotel guests, this translates into higher risks of card and personal data theft, even when they trust well-known hotels.”
The business risk for hoteliers
For hotels, the implications go beyond IT departments. A breach can mean:
- Loss of guest trust: Travelers may think twice about booking if news spreads that your property mishandled their payment data.
- Regulatory and financial exposure: Data protection laws in many regions impose heavy fines for compromised customer data.
- Operational disruption: Malware can impact reservation systems, billing, and day-to-day functions, potentially leading to lost revenue.
How hoteliers can respond
Kaspersky recommends a proactive approach:
- Train your staff: Reservation teams and front-office staff are on the front line. Reinforce awareness of phishing tactics and establish clear reporting channels for suspicious emails.
- Harden your email systems: Fine-tune spam filters and anti-phishing protections, recognizing that AI-crafted emails will often look legitimate.
- Limit file risks: Avoid opening unexpected attachments, even if they appear official. Encourage employees to verify requests via another channel before clicking.
- Deploy advanced security tools: Endpoint detection and response (EDR) or extended detection and response (XDR) systems can provide real-time monitoring, threat visibility, and rapid containment.
Why vigilance matters now
Hotels are trusted guardians of highly sensitive personal and financial information. In a sector where guest trust is everything, a single breach can damage years of reputation building. The growing use of AI in cyberattacks means hoteliers can’t rely on yesterday’s defenses.
Protecting your property is no longer just an IT matter — it’s a core part of safeguarding the guest journey and ensuring long-term business resilience.
Source: Kaspersky
