So now I can script a bot to book restaurant reservations all over the city at busy times. Then nobody shows up for the reservations, the busy time has passed, and customers have moved on or gone home.
Restaurants make or break on one or two nights in a month. A calculated social engineering attack like this could bring down hundreds of restaurants in a city, which would cause millions of dollars in lost taxes, and you see where this is going.
I meant, you could build a bot that calls. We have the technology already, and the people on the other end probably won't notice. Plus the "do it over the Internet" thing where screen scraping and scripting is super easy.
But could you build a bot that calls and is convincing enough to trick the target into actually accepting the request as genuine and reserving the timeslot?
Yes, the time commitment of having one person pickup the phone and place 100+ phone calls (and the suspicion on the other end when you call back with a new name but the same voice).
You could write a screen scraper to book online through the various booking systems, but each booking system probably has its own restrictions on how many accounts you can have and how often they can book. You skip all of these protections when you phone your reservation in (arguably, the restaurant staff should be enforcing these protections when they pick up the phone, but restaurant staff are often overworked and apathetic).
I agree it's a problem. The probably means of mitigation is for restaurants to take your credit card number when you book. Many already do this. I expect it to expand if false bookings become a problem.
Restaurants make or break on one or two nights in a month. A calculated social engineering attack like this could bring down hundreds of restaurants in a city, which would cause millions of dollars in lost taxes, and you see where this is going.