Scammers nearly swindled $130,000 from a Waikiki hotel. It started with a phone call

A hacker is accused of nearly swindling a Waikiki hotel out of more than $130,000 ― and police say it all started with a phone call.
Published: Aug. 26, 2022 at 4:26 PM HST|Updated: Aug. 26, 2022 at 9:46 PM HST
Email This Link
Share on Pinterest
Share on LinkedIn

HONOLULU (HawaiiNewsNow) - A hacker is accused of nearly swindling a Waikiki hotel out of more than $130,000 ― and police say it all started with a phone call.

Law enforcement sources tell HNN the alleged scammer called Kaimana Beach Hotel about 10:30 p.m. last Friday, telling a front desk employee he was with the hotel’s IT company.

The worker was reportedly alone at the desk.

The scammer allegedly said he needed to perform maintenance on the hotel’s computer system and convinced the employee to give him remote access.

Sources say within minutes the worker noticed multiple credit card transactions had been made attempting to transfer more than $130,000 out of the hotel’s account.

While this type of scam is widespread, a financial crimes expert said the case stands out.

“The dollar amount is pretty staggering,” said retired FBI special agent Tom Simon.

The scheme is known as pretexting.

“Where an invented scenario is used to trick the victim into divulging sensitive information or in this case access to the computer system,” Simon said.

“It’s important for the hackers to create a sense of urgency so the victims feel pressure to act immediately without looping their bosses in. And I think that’s what went wrong this time.”

The worker cut the scammer’s access immediately after realizing something was wrong.

In a statement, a hotel spokesperson confirmed it was able to stop the transactions saying, “no funds were lost.”

“I can’t stress enough how important training is to make sure all the frontline employees of a company know they should never give sensitive information out,” Simon said.

“No matter how much pressure the person on the phone is putting on you.”

As for catching these types of criminals Simon says law enforcement has two options.

“One is the IP address,” he said. “Or digital fingerprint that they left behind when they accessed the system. And the other is my expertise and that’s following the money to see who benefits economically from this threat.”

Meanwhile, the investigation continues. HPD confirms there have been no arrests.