As a partner on our platform, you’re likely to have access to a large amount of guest data, including names, addresses, credit card details and phone numbers. This means that your extranet account can be a tempting target for cybercriminals and fraudsters, who use a variety of techniques to try to gain access to this valuable data. Phishing is one such technique, and it is the subject of this article. Two other common techniques are malware and social engineering.
Understanding phishing
Phishing is a type of cyberattack in which the attacker pretends to be someone else in order to steal money or data. Phishing is the most common method by which organisational breaches occur.
Phishing attempts are usually aimed at stealing:
- Guest reservation data.
- Personal information of employees and guests.
- Credit card information.
- Money, by tricking staff or compromising systems.
Phishing attacks most commonly target individuals or organisations with valuable data. Accommodation partners like you can become targets because of the type of sensitive and valuable data held in the extranet. Fraudsters may attempt to mimic our emails in order to phish your username and password for the purpose of taking over your account. These phishing emails can lead to a webpage that looks very similar to the extranet login page, but if you look at the URL address bar you will notice differences. The key to protecting your business is to report these emails to us as soon as you spot them.
If we detect suspicious activity in your extranet account, we’ll immediately disable the link feature in any messages you send to your guests via our platform. This prevents cybercriminals from impersonating you and exploiting this messaging channel to send fraudulent payment links to guests, particularly in the event of a phishing attack on your property.
Understanding email spoofing
Email spoofing is a technique that cybercriminals use to trick you into believing an email came from a trusted sender, by falsifying the sender’s email address. Spoofed emails can be used for several malicious purposes, including phishing attacks, spreading malware, conducting scams or launching targeted cyberattacks.
We use Domain-based Message Authentication, Reporting and Conformance (DMARC) to protect our platform and partners like you from email spoofing. DMARC is an email authentication standard that allows email receivers to verify the authenticity of a message. We have a strict policy, which means your email system should reject messages that don’t pass the authenticity checks.
While this standard reduces the risk of receiving spoofed emails, there are some scenarios where spoofed emails are still delivered. This depends on the configuration of your systems. For example, if you experience network issues that delay the authentication, some systems are configured to deliver the unauthenticated message instead of deferring it.
Identifying phishing attempts
You probably receive suspicious emails every day. Depending on your email client, these suspicious messages may be flagged or automatically moved to the spam folder, but some may get through. You can spot these by keeping an eye out for:
- Urgent language: Phishing emails tend to create a false sense of urgency, for example with threats that your extranet account will be suspended or an urgent message about your financial situation. Fraudsters constantly adapt their techniques to make their phishing emails look as legitimate as possible.
- Errors and mistakes: Keep an eye out for spelling errors or grammatical mistakes. If you spot numerous mistakes or a mix of different languages in the same email, it’s likely a phishing email. You can always check who the real sender is in the ‘From:’ field of your email client, or by checking the address inside the angle brackets (< >). Emails from Booking.com should always come from an address ending in ‘booking.com’, regardless of the subdomain (as in example@sg.booking.com). An email address like ‘support@booking-103266.com’ is not from Booking.com and is most certainly malicious. Do not interact with such emails; report them as spam instead.
- Urgent requests without previous communication: Booking.com will never make an urgent request without sending prior communication. If you receive a suspicious email requesting urgent action, refrain from taking any steps until you have contacted your Account Manager or Customer Service. This allows us to check whether any internal updates have been made and to report the email to the Security team if necessary.
- Incorrect sender email addresses: Don’t automatically trust the email display name. Check the email address in the ‘From’ header. If it looks suspicious, don’t open the email. Here are a few examples of trusted Booking.com email addresses:
- Foreign links: Scanning the links you receive can help you prevent cyberattacks and improve your awareness of potential cybersecurity risks. There are a few methods for checking links:
  - Check the real destination of a link by hovering your mouse over it, or by tapping and holding it if you’re on a mobile device. If the link doesn’t take you to an address ending in ‘.booking.com’, don’t click on it.
  - There are also online tools and services designed to analyse and scan URLs for potential threats and malicious content.
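The sender and link checks described above, as an added Python example (not Booking.com’s code): it separates the display name from the real address inside the angle brackets, tests whether a domain is booking.com or a genuine subdomain of it, and applies the same test to a link’s real destination. The domain names other than booking.com and all sample headers and links are constructed for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED_DOMAIN = "booking.com"


def is_trusted_domain(host: str, trusted: str = TRUSTED_DOMAIN) -> bool:
    """True only for the trusted domain itself or a genuine subdomain of it.
    A plain endswith('booking.com') would also accept 'notbooking.com', and a
    substring test would accept 'booking.com.evil.example' (constructed lookalikes)."""
    host = (host or "").lower().rstrip(".")
    return host == trusted or host.endswith("." + trusted)


def check_from_header(from_header: str) -> dict:
    """Split a From: header into display name and the real address inside <...>,
    then apply the article's two checks: is the sender domain trusted, and does a
    display name that itself looks like an address contradict the real one?"""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2]
    return {
        "display_name": display,
        "address": addr,
        "trusted_domain": is_trusted_domain(domain),
        # e.g. '"support@booking.com" <alerts@mail-notify.example>' (constructed)
        "display_name_mismatch": "@" in display and display.lower() != addr.lower(),
    }


def check_link(url: str) -> bool:
    """The hover check from the article: does the link really lead to booking.com
    or one of its subdomains? urlparse().hostname excludes any user@ part and port,
    so only the host that the browser would actually connect to is compared."""
    parsed = urlparse(url)
    return parsed.scheme in ("http", "https") and is_trusted_domain(parsed.hostname)


if __name__ == "__main__":
    # Constructed sample headers and links, not real messages.
    for header in ["Booking.com Support <support@booking-103266.com>",
                   "Booking.com <noreply@sg.booking.com>"]:
        print(check_from_header(header))
    for link in ["https://admin.booking.com/", "https://admin.booking.com.evil.example/"]:
        print(link, check_link(link))
```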
What to do if you suspect a phishing attempt
If you suspect your computer or laptop has been infected with malware, try performing one or more of the following steps:
- Reset your email account password first, then reset your Booking.com account password. To do this, go to http://admin.booking.com, type in your username, then click on ‘Having trouble signing in?’
- Scan your device with an updated malware scanner. Not all phishing attacks steal passwords: some carry malicious software embedded in a ‘file’, which may be malware, spyware, ransomware or a virus. It’s very important to scan your device if you think you’ve clicked on a malicious link or downloaded unrecognised files.
- Report security issues within 24 hours of a suspected or actual phishing attack. This allows us to start securing your account to protect your business and your guests as quickly as possible. Include all relevant details, such as a copy of the suspicious email you received or any unrecognised activity in your account. Read these instructions on how to safely forward a suspicious email as an attachment.
How to download suspicious emails in order to report them
To report a suspicious email, you’ll need to download the email in .eml/.msg format. There are different ways to do this, depending on your email provider and client.
Gmail:
- Open the email you want to download
- Click the three dots in the upper-right corner of the email
- Select ‘Download message’ to download in .eml format
Outlook (web):
- Open the email
- Click on the three dots in the toolbar above the email
- Choose ‘View message source’ to view the email in .eml format
- To download as .msg, you may need to open the email in the desktop version of Outlook and use the ‘Save As’ option
Yahoo Mail:
- Open the email
- Click on ‘More’ (three dots)
- Choose ‘Download message’ to download in .eml format
Microsoft Outlook (desktop):
- Open the email
- Click on ‘File’ in the menu
- Click on ‘Save As’ and select the .msg format
Apple Mail:
- Open the email
- Right-click on the email
- Choose ‘Save As’ and select the .eml format
Thunderbird:
- Open the email in Thunderbird
- Right-click on the email
- Choose ‘Save As’ and select the .eml format
Please note that these instructions may change with updates to the email platforms and clients. Always check the specific options available in your email client for the most accurate guidance.
Protecting your organisation from phishing attempts
To prevent security breaches, we recommend taking the following proactive steps to protect yourself from fraudsters impersonating Booking.com:
- Bookmark the correct extranet link: Manually type https://admin.booking.com/ into your browser. You’ll see the secure lock icon next to the address. Bookmark this page and use this link to manage your property. Learn more about preventing unauthorised use of your account in this article.
- Report suspicious emails: Always report suspicious emails to the Booking.com Security team, then move the email to the trash.
- Limit the use of tools that grant online anonymity: To keep you safe, we advise you not to use tools that grant anonymity (for example, Incognito mode) while navigating your extranet.
- Review your email service provider’s solutions: Popular email providers have put in place smart solutions to tackle phishing scams head-on. For example, Gmail offers a range of tools and settings, outlined in its support documentation, to help users stay safe. Check what protections your provider has in place and how you can make the most of them.