Keepnet Labs Logo

From Vulnerable to Vigilant

Discover how an international hotel chain overcame a severe smishing attack, transforming from vulnerable to vigilant.

International Hotel Chain in Tackling Smishing


An international hotel chain operating in 85 locations and employing over 8,000 individuals worldwide faced a severe and coordinated SMS phishing attack.

The attackers exploited localized content and personal information, posing a significant threat to the business. Employees were bombarded with 5 to 6 smishing messages each week. The widespread nature of the hotel chain added complexity to managing human risk, considering the diversity of languages, cultural contexts, and cyber awareness levels across different regions.

Traditional training methods proved inadequate to handle the scale and sophistication of the attacks. An automated human risk detection and response platform became imperative to address these challenges. Such a system would empower employees to identify, comprehend, and promptly report any suspicious SMS activity, effectively mitigating the risks associated with these persistent smishing campaigns.

Successful Outcomes

  • The achieved annual Return on Investment (ROI) stood at an impressive $239,940.

  • Significant potential financial losses were prevented, amounting to a reduction of $1.285M per year.

  • In three months, employees exhibited a remarkable 87% improvement in their ability to identify smishing attempts.

Understanding the Risks of Smishing Attacks

  • Data Breach Risk: Employees could unintentionally give attackers access to sensitive hotel and guest data.

  • Financial Loss: Smishing could trick employees into sharing financial information, potentially leading to significant unauthorized transactions and theft.

  • Reputation Damage: Public knowledge of successful smishing attacks could harm the hotel's reputation, potentially losing clientele.

  • Operational Disruption: Attackers gaining access to hotel systems like room bookings could result in substantial disruptions and customer dissatisfaction.

  • Legal Risks: Failure to protect guest data could result in breaches of regulations like GDPR or CCPA, resulting in legal action and heavy fines.

  • Internal Trust Issues and Panic: Sophisticated smishing attacks could foster employee mistrust, confusion and panic.

  • Location-based Risk: The challenge to protect and manage human issue across various locations presented a significant risk.

“Keepnet Labs revolutionized our cybersecurity strategy with their Smishing Simulator, boosting threat awareness across all locations. We now have streamlined reporting and comprehensive training capabilities to minimize human error. Through a proactive security culture initiative, we achieved an impressive ROI of $239,940 and witnessed an outstanding 87% improvement in identifying phishing attempts within a short span of three months.”

Jake Davis, Information Security Manager at International Hotel

Return on Investment (ROI)

The average loss per individual


Employees recognize and report Phishing

from 55% to 87% in 3 months

The total potential loss prevented: $1.281M annually

Average Cost of Smishing Incident Response

Avg. time to respond to a Phishing incident

from 8 hours to 2 minutes

The average cost of one staff

$60 per hour

The cost of a single Smishing incident reduced

from $480 to $2

The average number of Smishing incidents reported per year


The total estimated cost savings are $239,000 annually

(reducing the cost from $240,000 to 1000).

Keepnet Labs' Role in Tackling Smishing Threats:

  • Amplified Threat Awareness: Keepnet's Smishing Simulator used real-world scenarios, training employees across all locations to detect smishing threats.

  • Streamlined Reporting: Security training educated staff about smishing threats and streamlined the reporting mechanism across the hotel chain.

  • Minimized Human Error: By exposing employees to simulated attacks, Keepnet helped reduce human error across all locations.

  • Fostering Security Culture: Regular training created a proactive security culture throughout the hotel chain, involving employees in the cybersecurity strategy.

  • Regulatory Compliance: Frequent simulations ensured adherence to various cybersecurity regulations across all hotel locations.

  • Efficient Risk Management: The platform provided a centralized system for managing human risk across different locations, offering real-time monitoring and feedback to ensure continuous improvement automatically.

  • Real-time Monitoring: The Smishing Simulator tracked employee behavior during simulations, identifying weaknesses and determining training needs in all locations.

Operational Results

  • Over 8000 employees were trained, ensuring a persistent high-level security awareness.

  • In just three months, employees exhibited an impressive 87% success rate in recognizing smishing attempts which was 55% at the beginning.

  • Introducing robust policies and procedures dramatically improved the incident reporting and follow-up process.

  • Most importantly, the anxiety linked to smishing threats significantly decreased among employees and created a secure working atmosphere.

Strategic Results

  • Through Keepnet's seamless integration, the hotel chain achieved significant annual cost savings of $239,000.

  • They successfully mitigated regulatory risks, enhancing their compliance strategy and instilling confidence in adherence.

  • Rigorous security protocols and a defined incident response plan strengthened their cybersecurity defenses.

  • The unified approach enabled constant learning and risk analysis across all locations, fostering a culture of reporting and continuous improvement.

Experience the Power of Threat Sharing for FREE!

Try our Threat Sharing platform at no cost and discover how Keepnet Labs can help you avoid cyber threats. Sign up now and gain access to an extensive network of threat intelligence, automated threat blocking, and seamless threat data management. Don't miss this opportunity to enhance your cybersecurity defenses.

Schedule your 30-minute demo now

You'll learn how to:
tickAutomate behaviour-based security awareness training for employees to identify and report threats: phishing, vishing, smishing, quishing, MFA phishing, callback phishing!
tickAutomate phishing analysis by 187x and remove threats from inboxes 48x faster.
tickUse our AI-driven human-centric platform with Autopilot and Self-driving features to efficiently manage human cyber risks.
iso 27017 certificate
iso 27018 certificate
iso 27001 certificate
ukas 20382 certificate
Cylon certificate
Crown certificate
Gartner certificate
Tech Nation certificate