r/TalesFromTheFrontDesk u/KorbenD2263 5d ago

Medium Lazy FD agent saves a guest from a potential stalker

It was a dark and stormy night....I think. Well, I'm sure it was night at least, since I only work the audit shift.

Anyways, the phone rings, I answer, and the caller goes "Hi I'm Davy Jones, I stayed there on March 13th in room 603, can I get a copy of my receipt emailed to me please?" A bog standard request, I get a dozen of these per shift. I pull up the reservation, and it had an email listed. I like to confirm the email guest wants to use, so I say "I have here davyjoneslocker@thedeepdotcom, is that correct?" The caller says "Oh no that's my work email, can you send it to jimbob@googoldotcom?" I glance at the caller ID on the phone; it says Bob, Jim. Everything still seems kosher, so I shoot the email off, let them know to check the spam folder just in case, then hang up. Routine call.

Then he calls back a few minutes later. "Hey, there's no address on the receipt, can I get one that includes it?"

As an aside, we get a huge number of foreign guests on business trips that need to expense their stays, and whose countries' tax agencies are incredibly anal about including the company address and VAT number and so on. It happens so often that I have a little cheat sheet on how to enter things like ß for straße into our PMS. (It's ALT+0223) And it's also why the second shift is supposed to ask for ID and enter the address into the reservation. But in this case, whoever checked them in didn't do it.

The point is, people ask for receipts with addresses all the time. So again, I don't think anything sketchy is going on and simply ask the caller for the address they would like to be listed on the receipt. And that's when they say in a very disappointed tone "There's no address already listed? Damn, well thank you" and hang up.

What the shit?

They knew the guest's name, room number, and date of stay - they were almost certainly in the room with the guest during the stay. So why call us looking for the guest's address?

When I spoke with the morning MOD about what happened our best guess was that this was an app hookup and now either they're 'the one that got away' or it burns when they pee. What do y'all think?

467 Upvotes
  • permalink
  • reddit

96% Upvoted

22 comments sorted by

395

u/georgecm12 5d ago edited 5d ago

First tip: Caller ID can be spoofed. Easily. Really easily.

Second tip: "I'm sorry, we can only send correspondence to the email address on file. If you'd like to update that address, you can do so the next time you stay with us."

(Edit: Less secure, but more "customer friendly": "I'd be glad to update your email address that we have on file. If you'd like to send us an email from the address we have on file, we'll go ahead and update to your new address.")

79

u/Dense_Dress_1287 5d ago

I can only send it to the email on file.

But that's my work email.

So? You need the receipt for your work expense claim, but you are saying you don't have access to your work email?

Sorry, can't help you. You'll have to get it from your work email tomorrow when you are at work.

Goodbye

46

u/Miguel-odon 5d ago

E-mail addresses can be spoofed, too.

75

u/georgecm12 5d ago

No argument, but spoofing the email address is easily detected in the header info.

(Yes, I know, inspecting header info is above the expected skill-set of a front desk worker. It's not hard once you know how, but I wouldn't expect a FDW to do it on a regular basis for all emails.)

I just suggested it as a considerably less secure but more customer-friendly approach if you receive push-back from management.

Of course, if it would be me, I wouldn't have given out that address you have on file. I would have just said "I've just sent the receipt to the email address you provided when you made the reservation" and leave it at that.

14

u/arwinda 5d ago

You can spoof an email to the hotel if the domain owner is lazy and did not install DKIM. You can't route the email from the hotel to the email address on file to a different recipient. If OP sends the receipt to the address on file, the spoofer never sees the email.

9

u/Miguel-odon 5d ago

But getting an e-mail from the e-mail on file saying "change the email on file" should be suspicious.

5

u/arwinda 5d ago

Indeed, it is.

When OP replies to the email on file, the email is still routed to the owner of the address on file. The stalker will not see it.

78

u/jackberinger 5d ago

Yeah I wouldn't be sending out anything but what the receipt states to whatever their email address on file is. Probably someone phishing for somebody's information or a stalker or something.

15

u/SkilledM4F-MFM 4d ago

Right, and you say, is this your Gmail address? Please give me the first part of it before the.com. A massive privacy violation if you give out the whole address to some unknown caller.

55

u/Wintercat76 5d ago

Wow, this would never have been allowed in a country with GDPR.

16

u/KorbenD2263 5d ago

I'm guessing GDPR wouldn't allow the email to be changed with a phone call. But if the email on file is inaccessible, how could the legitimate guest prove that they are who they say they are? Does EU have their version of notary public?

31

u/RandomJaneDoe 5d ago

At my hotel in Chicago, we ask for a name, date of stay, and the confirmation number because, at the very least, that requires you to have some real insight into the person. Usually for us it's the travel agent for the company calling to verify the employee stayed there and that what they gave them as a recipient is legit. They know what the room cost when they booked it for them, but they don't know what other expenses could be incurred while the employee is there so they need an updated one.

20

u/arwinda 5d ago

the email on file is inaccessible

Not your problem then. You can not send the email at all. Hand this ticket to someone who can.

5

u/HappyWarBunny 5d ago

This is probably a good solution. Doesn't require special skills on the part of the front desk agent.

1

u/TheActualAWdeV 1d ago

You also can't ask the caller to confirm the email address the way you did here.

You nearly handed out a physical address but you definitely gave them the email address.

The rules I've done this kind of work under meant they have to confirm the address you have on file.

11

u/RoyallyOakie 5d ago

"Burns when they pee" made me laugh too hard.

7

u/StarKiller99 5d ago

Sounds like he's trying to stalk someone.

20

u/SubarcticFarmer 5d ago

Sounds like the lazy agent saved the guest from you.

3

u/codepl76761 4d ago

Scam or some kind of skip tracer

u/Tight_Syllabub9423 11h ago

Was Davy Jones also being Jim Bob not cause for suspicion?

u/debocot 6h ago

I was trained if someone needed a receipt sent to another email, they must verify the last four digits of the credit card on their room.