What is phishing?
Phishing is pretending to be someone else in order to steal money, data, or data to earn money. Phishing is the most common method by which organisational breaches occur.
What do these people want?
- Guest reservation data
- Personal information of employees and guest
- Credit card information
- To trick staff, compromise systems or steal money
Who is the target of phishing?
Practically speaking, anyone with valuable data is a target. At Booking.com, our accommodation partners are targeted by phishing due to the type of sensitive and valuable data held in the extranet.
Typical signs of a phishing email include:
Phishing emails tend to create a false sense of urgency, such as ‘Your Extranet Account Is Suspended’ or ‘Urgent: financial suspension – log in to pay’. Fraudsters will always adapt their techniques in order to make their phishing emails look as legitimate as possible.
Errors and mistakes
Phishing emails often include spelling errors or grammatical mistakes. If you spot numerous spelling/grammar mistakes, or a mix of different languages in the same email, it’s likely a phishing email.
A phishing email will also be typically written entirely or partially in a language that doesn’t match your own. You can always check the real sender in the ‘From:’ field of your email client, and checking the sender located inside the arrowheads (“<”, “>”).
Note: A Booking.com email will always end in “booking.com”, regardless of the subdomain! For example, emails coming from an address like "email@example.com" are not from Booking.com and are most certainly malicious! Do not interact with such emails, and instead report them as spam.
What does phishing mean for you?
You probably receive suspicious emails each day that are blocked by email filters – though a few might get through. Depending on your email client, these suspicious messages may be flagged, or automatically moved to the spam folder.
Note: Most recently, we have seen attempts from fraudsters attempting to mimic our emails in order to phish your username and password for the purposes of taking over your account. These phishing emails can lead to a webpage that looks very similar to the Booking.com extranet login page, but if you look at the URL address bar you will notice differences. The key to protecting your business is to report these emails to Booking.com as soon as you spot them.
What can I do to stay safe?
Manually type https://admin.booking.com/ into your browser. You will see the secure lock icon next to the address. Bookmark this page and use this link to manage your property.
More information on how to verify that the site is safe on “How to prevent unauthorized use of your account”.
Be vigilant! If you see a suspicious email, follow these tips to check and report them
Don’t trust the display name!
Check the email address in the ‘From’ header – if it looks suspicious, don’t open the email.
Note: Here are some examples of trusted Booking.com email addresses: firstname.lastname@example.org email@example.com @property.booking.com firstname.lastname@example.org email@example.com @guest.booking.com firstname.lastname@example.org email@example.com @mailer.booking.com firstname.lastname@example.org @partners.booking.com
It’s easy to hide the real destination of a link once it is embedded in an email, but luckily it’s also easy to double-check and find the real address both on desktop and mobile devices. Just hover your mouse over the link (or tap and hold on mobile devices) to see the real address behind a link.
If the address does not take you to an address ending in “.booking.com”, don’t click on it! Always report suspicious emails to the Booking.com security team - your report helps keep everyone secure.
Report suspicious email
You can do so by clicking here prior to moving the email to your trash.
I think I may have been phished! What do I do now?
Follow these steps to secure your account:
Reset your email account password first, then your Booking.com account password. To reset your Booking.com account, go to http://admin.booking.com, type in your username, then click on ‘Having trouble signing in?’
Scan your device with an updated malicious software scanner. Not all phishing attacks steal passwords – some can have malicious software embedded in a ‘file’ which may be malware, spyware, ransomware, or a virus. It is very important to scan your device if you think you’ve clicked on a malicious link or downloaded unrecognised files.
Report it! We ask that you contact Booking.com immediately to let us know that your account may have been compromised by a phishing attack. In order to help you and your guests as quickly as possible, your contract with Booking.com requires you to notify an actual or suspected account take-over within 24 hours. You can do this by contacting our security team here: Report a security issue
Don’t forget to include all relevant details, such as a copy of the suspicious email you received, or any unrecognised activity in your account. Please check this link for instructions on how to safely forward a suspicious email as an attachment.