Preventing unauthorised use of your account
If you suspect that your account has been accessed by an unauthorised party, receive an unrecognised ‘new sign-in’ email or notice changes that you did not make, your account may have been compromised. Read on to learn how to recognise unauthorised use of your account and how to keep it secure.
What’s in this article:
Recognising signs of unauthorised use
Your Booking.com extranet account has valuable information that fraudsters may try to target, such as personal data and payment details from guests. If an unauthorised third party is able to gain access to your account, you may be able to tell from these signs:
- Guests receiving messages or phone calls asking for payments that do not originate from you.
- Unrecognised changes to your property details, such as contact information, rates and availability, content or channel manager changes.
- Notification emails from Booking.com stating that your account was accessed from a new, unrecognised location.
- New, unrecognised phone numbers for two-factor authentication (2FA) or user accounts added to your property.
Protecting your account from unauthorised use
There are several steps you can take to protect your account from unauthorised use:
- Pay attention to the message you receive – look out for strange, unexpected or seemingly urgent requests, spelling mistakes, bad grammar and/or claims of sudden changes in processes or extenuating circumstances. Be mindful of shortened links and if you spot one, don’t click on it.
- Sign in through the Booking.com sign-in page – you can verify that you’re on our trusted website (and not a fraudulent duplicate website) by checking our SSL certificate details.
- Install protective software – install anti-virus and anti-phishing software and keep them up-to-date. Be sure to always update your operating system (OS) so that you’re running the latest version with the latest security updates on all your devices. Only download and install apps from trusted sources.
- Communicate through Booking.com – avoid using WhatsApp or other outside channels when communicating with your guests or with us.
- Avoid anonymity – we discourage the use of tools that grant anonymity online while navigating your extranet, as this makes it harder for us to keep your account safe.
- Choose a strong password – it should contain at least ten characters, including uppercase letters, lowercase letters, numbers and special characters. Your password shouldn’t contain any sensitive information that can be easy to guess, such as your name, email address or date of birth.
- Don’t reuse passwords – reusing the same password for different services makes it easier for fraudsters to hack your account. For example, if you’re using the same password for Booking.com and another website, and that website suffers a data breach, attackers might try to use these credentials to access your Booking.com account.
- Create individual extranet accounts – avoid sharing accounts between employees, and be sure to add 2FA to all your work applications, such as email.
To check an SSL certificate in your browser, click the padlock icon or tune icon (commonly used to indicate control or settings) in the browser’s URL address bar, and then:
- On Chrome, click Connection is secure and Certificate is valid
- On Safari, click Show Certificate
- On Firefox, click on Connection secure then More information
The SSL certificate should include the following information:
- Issued by: DigiCert Inc
- Issued to: Booking.com BV
- Validity: ‘This certificate is valid’ or shown as valid by the expiry date
Securing your account after it has been maliciously accessed
If your account has been maliciously accessed, you should take the following steps immediately to secure it:
- Run updated antivirus and anti-phishing software on all your devices.
- Reset your email account password.
- Reset your Booking.com account password. To do so, go to the extranet sign-in page, click Having trouble signing in?, click Forgot your password?, enter your username and click Send reset link.
- Once you’ve signed in to your account, check all your information to see if anything has changed, such as your personal information, preferred language or booking history.
- Report the incident to our Security team within 24 hours so that we can take steps to protect your account and your guests’ information.
Don’t forget to include all relevant details, such as changes to your account or suspicious charges on your credit card.
-
Legal & Security
-
- Online security awareness: social engineering
- Online security awareness: phishing and email spoofing
- Preventing unauthorised use of your account
- Securing your account
- Requirements and regulations around surveillance devices
- Digital event security standards
- Guidelines for room key access
- Keeping your property clean and sanitary
- Equipping your home property with safety devices, safety kits and emergency plans
- Protecting your home property with security devices
- Partner Liability Insurance
- Identifying and acting on potential human trafficking of refugees from Ukraine
- Report a security issue
- Online security awareness: malware
- All about our messaging security settings
-
- Why you need to complete the Know Your Partner (KYP) form
- How can I remove a property or end my partnership with Booking.com?
- My property is under new ownership. What should I do?
- Our animal welfare standards
- Where to find your General Delivery Terms (GDT)
- Complying with European Union consumer law
- Mandatory host type (professional/private) assessment
- How does parity work?
- Offer transparency and clarity through simpler policies
- Our Supplier Code of Conduct
- Meeting legal requirements for tourist accommodation in French Polynesia
- Understanding Force Majeure
- Handling emergency closures
- Supporting partners in Ukraine during the war
- VAT and tax withholding legislation in Mexico
- Energy performance certificate requirements for properties in Spain
- Understanding short-term rentals
- Short-term rentals: FAQs
- DAC7: FAQs
- Everything you need to know about DAC7
- Non-discrimination guidelines when accepting or declining a booking request
- Laws and regulations for short-term rentals in Asia-Pacific
- Laws and regulations for short-term rentals in South America
- Laws and regulations for short-term rentals in North America
- Laws and regulations for short-term rentals in Europe, the Middle East and Africa
- Israel VAT display and additional charges
- Short-term rental licence requirements in New York City, NY
- Everything you need to know about Sharing Economy Reporting Regime (SERR)
- Everything you need to know about the Digital Services Act (DSA)
- Welcoming guests with assistance animals
- Statement on Non-discrimination, Harassment and Abuse
- Accommodation Agreement and General Delivery Terms
- Everything you need to know about the compliance centre
- When the contracting name on your accommodation agreement is wrong
- When involved parties contact us