Security and the protection of personal data is a top priority at Booking.com, with trust and safety at the heart of our platform. With Coronavirus accelerating the digital transformation of many companies, cybercrime is on the rise as criminals look to capitalise on the current climate. Although actual incidents are rare – our dedicated teams leverage industry-leading technology to monitor, detect and block suspicious activity around the clock – we want to arm you with all the information and resources you need to keep your business and the personal data you have access to safe on our platform.
Remote desktop access scams
While the two main security threats remain phishing and social engineering, attacks are growing in sophistication and fraudsters are using new techniques to lure in victims. One social engineering technique gaining popularity since the start of the pandemic is remote desktop access scams, with criminals exploiting the reality of many people suddenly working remotely. These attackers persuade you to install remote access software on your computer such as AnyDesk, TeamViewer and GoToMeeting, allowing scammers to control your device and access personal information.
These scammers typically pose as a member of tech support, with the actor following a script under the guise of helping you. They may sound professional, knowledgeable and create a sense of urgency to resolve issues on your behalf, all the while using technical jargon to intimidate you into relinquishing your information. It’s important to remember that Booking.com employees will never request or require your extranet credentials, 2FA codes or ask for remote desktop access to any of your devices.
While remote desktop access softwares can serve a legitimate purpose, it’s worth reviewing and deleting any third-party remote access applications if they’re not needed for your day-to-day operations, along with revisiting which employees have user permissions to install new ones. Doing so can avoid these kinds of applications being used by scammers in a malicious manner.
How to recognise social engineering and phishing
In the below video session from Click. 2021, Valentina Bonsi, Director of Cybersecurity, and Ben Carrall, Director of Global Security, join Security Awareness and Communications Manager Amir Naveh to discuss phishing and social engineering in detail. Learn from our experts all about the tell-tale signs of an attack, tips to stay safe against online threats, and who cybercriminals are most likely to target and why.
While we are continuously innovating our processes and systems to ensure robust security on our platform, it’s crucial you remain vigilant. If you suspect that you may have been targeted by a cybercriminal, have provided sensitive information to an unauthorised third party or have noticed suspicious activity on your account, you must always report this to our security team within 24 hours via report.booking.com. Our teams can then immediately investigate further and take necessary corrective measures if required.
- Remote desktop access scams have been growing in popularity since the start of the pandemic, with cybercriminals using the tactics to gain control of your device and access personal information
- It’s important to remember that Booking.com employees will never request or require your extranet access credentials, 2FA codes or ask for remote access to any of your devices
- If you suspect that you may have been targeted by a cybercriminal, you must always report this to our security team within 24 hours via report.booking.com