Jump to content

Hackers in Thailand hacked a hotel. Looking for a legal advice.


plus7

Recommended Posts

On 12/31/2021 at 6:56 AM, mvdf said:

They know they were hacked and yet advised you to use email nevertheless. They should have disabled their email system or, if it was under the hacker's control, they should have removed or amended the email address on their website.

 

Ruthless of them to simply dismiss responsibility. The appropriate way to right this wrong is for them to write off this loss for reputational reasons and offer you a room complimentarily. 

When did they know that they had been hacked?   Presumably after the OP first contacted them, there's no suggestion, apart from yours, that the hotel staff gave the go ahead for paying via a hacked system.

 

The OP knew the name of the apparently substantial, well-reputed hotel yet sent his booking money to an individual's personal bank account.  

Link to comment
Share on other sites

9 minutes ago, Liverpool Lou said:

Why should they take responsibility if they didn't send you the dodgy personal bank name and number?   

 

They are right, unfortunately, you sent the money to a third party individual, not a "big and leading hotel" account.   Why would you do that without checking the veracity of the request with the hotel?

 

Have you reported to the police that an individual whose name and bank details you know defrauded you?

One reason is it came from their email account, that counts for something. 

 

I have regularly made payments to hotels (on Koh Lipe) that had a private bank account not a business name). So it would not really raise a red flag from me if it came from the hotel its email itself. That is their responsibility. In the Netherlands this happend too and the companies were at least partially liable. So i would not say its that cut and dry.

Link to comment
Share on other sites

12 minutes ago, robblok said:

One reason is it came from their email account, that counts for something. 

 

I have regularly made payments to hotels (on Koh Lipe) that had a private bank account not a business name). So it would not really raise a red flag from me if it came from the hotel its email itself. 

Perhaps it wouldn't raise a red flag with you because you were familiar with that parochial booking system in Koh Lipe.  The OP knew the hotel was part of a big, well-reputed group that would not have booking payments sent to a private individual's personal bank account yet he didn't query it.

Edited by Liverpool Lou
Link to comment
Share on other sites

1 minute ago, Liverpool Lou said:

Perhaps it wouldn't raise a red flag with you because you were familiar with that parochial booking system in Koh Lipe.  The OP knew the hotel was part of a big, well-reputed group that would not have booking payments sent to a private individual's personal bank account yet he didn't query it.

If it was a big well reputed group then yes it would raise red flags, but in lipe and other islands it often works different (non big groups). But still getting emails from the hotel itself in name of an employee would make things a lot more trustworthy.

 

As a company you are responsible for your cybersecurity, though your point is well made too.

  • Like 1
Link to comment
Share on other sites

On 12/31/2021 at 10:10 AM, snowgard said:

Yes, I thought the same. In real a easy job for the police.
1. They have the bank account owner, who received the money.
2. They can find out the ip of the person who sent the email.

3. They can find out over which ip the mail account is checked for new mails.

You forgot 4. They'd have to give a <deleted> (they won't).

  • Thanks 1
Link to comment
Share on other sites

Well, that's really interesting. Topic author mentioned the DKIM signature - if it is really valid (verified with DNS records) and the MX record is valid - then it's either an insider or hacker has access to hotel's mail accounts (or internal user accounts).

 

But given this post:

On 12/30/2021 at 4:43 PM, plus7 said:

Addition: I did a websearch on hotel name and found post on tripadvisor (mytrip) reporting exactly the same situation on 19 November 2021.

I bet it's an insider or hotel staff making some extra money, rather than any alleged "hackers". A large hotel did not block the supposedly hacked email account within 1.5 months?! LOL.

 

 

P.S. Plot twist: author is sued by the hotel for defamation :biggrin:

Link to comment
Share on other sites

1 hour ago, Liverpool Lou said:

When did they know that they had been hacked?   Presumably after the OP first contacted them, there's no suggestion, apart from yours, that the hotel staff gave the go ahead for paying via a hacked system.

 

The OP knew the name of the apparently substantial, well-reputed hotel yet sent his booking money to an individual's personal bank account.  

from OP's second post, it appears that the hotel knew about the situation already in november:

 

so not shutting down the email domain or redirecting it to another server in a timely manner is criminal negligence and the hotel should be liable.

 

Link to comment
Share on other sites

On 12/30/2021 at 1:36 PM, tgw said:

yes, that part of the story stands out.

points to an inside job.

I would report the case to the cybercriminality division of the police, along with the report from November.

 

Either an inside job or criminal negligence.

 

Also, the account should be easily traceable.

I'd bet on inside job.

It would seem to be an entirely appropriate case for either the Cyber Crimes Investigation Bureau (CCIB) or the High-Tech Crime Division (HTCD). But question is will they really be interested in investigating this real crime rather than easy targets such as "defamation"? Should be easy to trace which bank account the money actually went to for sure.  

 

Link to comment
Share on other sites

On 12/30/2021 at 11:56 PM, mvdf said:

Ruthless of them to simply dismiss responsibility. The appropriate way to right this wrong is for them to write off this loss for reputational reasons and offer you a room complimentarily. 

As a business owner dealing with public in the UK, I can say that a good reputation (and the confidence it gives to future clients) is much more important than failing to resolve an issue such as this. I would immediately investigate and tighten IT security whilst making good the financial loss of the customer by either compensating or offering the services expected. Sadly Thai businesses do not seem to care to uphold these values. Then they cry when they have no customers (but maybe fear of defamation suits stops their name being published so why care anyway?). T.I.T.

 

Link to comment
Share on other sites

14 hours ago, The Theory said:
19 hours ago, Liverpool Lou said:

Well, if that highly unlikely circumstance did happen, at least the OP has the name and bank details of the perpetrator that you suggest those staff gave him.

And you believe that everything is "logical" here ????

Huh?  What are you suggesting that "I'm believing is logical"?

Link to comment
Share on other sites

  • 3 weeks later...

Hi,

 

I was near Customer Protection Board and brought them this case and police report.

A clerk in the office, who didn't seem too much busy,  said that since I had not entered into contractual agreement with the hotel - they didn't receive the money actually -  I'm not covered by "customer protection law"

I think I need a lawyer who could explain how come that email "Yes, please pay to this account"  is not an agreement in Thailand.

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.



×
×
  • Create New...