Typically, fraudsters will call restaurants and hotels purporting to be a representative of the company that provides their reservation or booking system. The criminals will try to convince the employee to reveal their login details, often under the guise that it's required in order to complete an important software installation.
Once an attacker gains access to a business' computer systems, they'll steal any customer data they come across, this will often include databases of customer names and contact details. This data will then be used to perpetrate targeted phishing scams that are highly convincing. For example, victims have reported receiving calls from people impersonating a restaurant or hotel they have a reservation with. The caller requests a payment from the victim claiming that it's required to confirm their reservation.
For more information on Cybercrime from the South West ROCU click here.