When Areerat Potikul and her two business partners opened Ocaso, a Mexican restaurant in the former Masa Azul space on Diversey Avenue in Logan Square, in September, they expected business to be slow at first. They were an unknown quantity in the neighborhood, and they figured people needed time to get to know them.
But then in November, strange things started happening. People made reservations and then didn’t show up. Other people sent emails saying that they’d been notified of reservations they didn’t book. Customers called Ocaso to tell Potikul that the website claimed the restaurant was temporarily closed and not accepting online orders. A friend sent a screenshot of a Facebook page that was ostensibly for the restaurant but which no one from Ocaso had actually made. On Ocaso’s real Facebook page, someone changed the restaurant’s phone number.
Potikul decided her computer must have been hacked. Looking back, she thinks that the problems must have started in October when her laptop froze and she passed along information to someone claiming to be from Microsoft in order to unfreeze it. She took the computer to the Geek Squad at Best Buy who helped her clean out the malware. She changed all her usernames and passwords. But still the wrong information kept getting posted online.
Potikul, her fiance Desiderio Benitez, and chef-partner Carlos Gonzalez couldn’t help but take it personally. “We actually sat around and asked, ‘Who doesn’t like you?’” Potikul says. “People have opinions, not liking others. But I can’t think of anyone. My friends and family are all in the same industry. I would think everyone would be supporting us instead of doing this.”
Hacking, though, can be an impersonal crime. “Cyber-attacks, including hacks, are a growing concern for small businesses,” says Sam Toia, president and CEO of the Illinois Restaurant Association, in a statement to Eater. “The IRA encourages operators to review the latest cybersecurity best practices for restaurants developed by the National Restaurant Association here. In the same way a small business should have a disaster plan, they should also create a digital security plan that assesses their risks and includes concrete steps to respond to a breach or attack.”
Potikul has been blaming herself. “We kept thinking, those things happen because we are the ones making a mistake,” she says. But that doesn’t solve the problem.
Ocaso’s website runs through two platforms: Smile for menu and online sales, and Tock for reservations. Potikul used Smile, which primarily serves Thai restaurants, for ten years in her previous job as manager at Penny’s Noodle Shop in Lakeview and said she’d had no problems; none of her colleagues in the restaurant industry have had issues with the system, either. The Smile support team found no irregularities. The customer service team at Tock helped Potikul reconfigure carry out and delivery options, and she says those seem to be working: online orders are available when the restaurant is open. Potikul also contacted Google to identify herself as the owner of the restaurant.
Still, reservations continue to be cancelled. Potikul isn’t sure whether this is because patrons are being extra cautious because of the omicron variant or because they’re resentful of Chicago’s new mandate that requires all restaurant diners to show proof of vaccination. So for now, she’s going to wait and see.
“We put a lot of work into this,” she says. “Someone or something is messing this up and not making us want to go forward with Ocaso. They’re not there yet. We want to find a way to fix this.”
Ocaso, 2901 W. Diversey Avenue, Open 5 p.m. to 10 p.m. Tuesday through Friday, 9 a.m. to 10 p.m. Saturday, and 9 a.m. to 9 p.m. Sunday.