Online security awareness: malware

Updated 4 weeks ago | 4 min read time
Save

As a partner on our platform, you’re likely to have access to a large amount of guest data, including their names, addresses, credit card details and phone numbers.

This means that your extranet account can be a tempting target for cyber criminals and fraudsters, who use a variety of techniques to try to gain access to this valuable data. Malware is one such technique, which is explained in this article. Two other common techniques are phishing and social engineering


What’s in this article:


Understanding malware

Malware is an umbrella term for malicious software, including viruses, worms, trojan horses and spyware. It’s used to disrupt computer operation, gather sensitive information or gain access to private computer systems.

Malware is often used to acquire information such as personal identification numbers or details, bank or credit card numbers and passwords. Once a machine or user has been successfully attacked with malware, they are referred to as ‘infected’.

The main objectives of malware are:

  • Theft of sensitive data, such as financial details and sensitive corporate or personal information
  • Gaining remote control and use of a machine
  • Sending spam from an infected machine to unsuspecting targets
  • Infiltrating an infected user’s local network

Common entry points and malware indicators

Common entry points for malware are:

  • Phishing emails containing malicious links or attachments
  • Application downloads from untrusted sources
  • Malicious or hacked websites, such as websites impersonating Booking.com
  • Social engineering attempts to install remote access software, such as Anydesk, TeamViewer or Screenconnect
  • Malicious links or attachments shared via social media or instant messaging
  • USB, flash or external drives

Common indicators of a malware attack are:

  • System slowness or an increase in CPU and memory usage
  • Suspicious file downloads or deletions
  • Unusual files or file extensions
  • Browsers redirecting to unknown or random websites
  • Browser pop-ups and ads
  • An unusual screensaver and/or system crashes
  • Increased internet traffic from the computer(s)

What to do if you suspect a malware attack

If you suspect your computer or laptop has been infected with malware, try performing one or more of the following steps:

  • Perform a full anti-malware scan using reputable anti-virus software
  • Remove suspicious file downloads or installed applications
  • Clear all files from the ‘Temp’ directory
  • Reset all browsers to their default setting
  • Clear the cache of any Booking.com cookies
  • Reset all passwords, including your Booking.com extranet partner account(s) and any other stored passwords
  • Report potentially malicious activity involving extranet access or guest reservations to our Security team

Protecting your organisation from malware

To avoid potential security breaches before they happen, we recommend taking the following proactive steps to protect your accounts and business from malware:

  • Protect your passwords
    Create unique and long passwords for your accounts, and use two-factor authentication to further protect these passwords. Stay in control of which mobile telephone numbers can receive PIN codes that we may send you for two-factor authentication. You might also consider using a password manager, which generates and stores your passwords in a location you can control.
     
  • Use up-to-date antivirus software
    Install an antivirus programme and make sure it’s always up-to-date. Be sure to use it to scan anything you download before you open it. Antivirus software also allows you to scan your entire computer for malware.
     
  • Stay up-to-date with security patches and updates
    Regular updates of all software on your desktop, laptop and mobile devices can prevent security issues. Software updates typically come with security updates that address software weaknesses that fraudsters use to try and gain unauthorised access to computers.
     
  • Restrict who has access to your accounts, including the extranet
    The more (extranet) accounts you have and the larger the number of individuals with access to your accounts, the higher your risk of malware infection or other malicious system access. Use multiple accounts and assign different privileges to separate extranet accounts, particularly if you manage multiple properties.
     
  • Only download and install apps only from trusted sources
    Only download and install apps from official app stores, and avoid downloading apps or other software that haven’t been updated for a long time or only downloaded by a limited number of users. Regularly uninstall apps and software from your computer and other devices that you haven't used for a long time.
     
  • Control removable media
    Control how removable media, such as USB drives, are used by your devices. Be sure to scan the contents of USB drives and memory cards when you connect these to your computers.
     
  • Turn on your firewall
    Firewalls provide protection against cyber attackers by shielding your computer or network from malicious or unnecessary network traffic. Firewalls can also prevent malicious software from accessing a computer or network via the internet. Most operating systems now include a firewall, so it may simply be a case of turning it on.
     
  • Practice cybersecurity awareness
    Remain vigilant about online security threats. Don’t open anything that looks suspicious or download anything from websites that you can’t verify as trustworthy. Treat non-public information with due care, making sure the information isn’t disclosed to unauthorised people. Organise regular cyber security training for employees on key threats, online safety, phishing, social engineering and online fraud.
  • Limit the use of tools that grant online anonymity 
    We discourage the use of tools that grant anonymity (example, but not limited to Incognito mode) online while navigating your extranet. This will help us keep you safe.

 

You can now access all your legal messages and updates anytime, in one place.
Read more

Is this article helpful?