Online security awareness: malware
As a partner on our platform, you’re likely to have access to a large amount of guest data, including their names, addresses, credit card details and phone numbers.
This means that your extranet account can be a tempting target for cyber criminals and fraudsters, who use a variety of techniques to try to gain access to this valuable data. Malware is one such technique, which is explained in this article. Two other common techniques are phishing and social engineering.
What’s in this article:
Malware is an umbrella term for malicious software, including viruses, worms, trojan horses and spyware. It’s used to disrupt computer operation, gather sensitive information or gain access to private computer systems.
Malware is often used to acquire information such as personal identification numbers or details, bank or credit card numbers and passwords. Once a machine or user has been successfully attacked with malware, they are referred to as ‘infected’.
The main objectives of malware are:
- Theft of sensitive data, such as financial details and sensitive corporate or personal information
- Gaining remote control and use of a machine
- Sending spam from an infected machine to unsuspecting targets
- Infiltrating an infected user’s local network
Common entry points and malware indicators
Common entry points for malware are:
- Phishing emails containing malicious links or attachments
- Application downloads from untrusted sources
- Malicious or hacked websites, such as websites impersonating Booking.com
- Social engineering attempts to install remote access software, such as Anydesk, TeamViewer or Screenconnect
- Malicious links or attachments shared via social media or instant messaging
- USB, flash or external drives
Common indicators of a malware attack are:
- System slowness or an increase in CPU and memory usage
- Suspicious file downloads or deletions
- Unusual files or file extensions
- Browsers redirecting to unknown or random websites
- Browser pop-ups and ads
- An unusual screensaver and/or system crashes
- Increased internet traffic from the computer(s)
What to do if you suspect a malware attack
If you suspect your computer or laptop has been infected with malware, try performing one or more of the following steps:
- Perform a full anti-malware scan using reputable anti-virus software
- Remove suspicious file downloads or installed applications
- Clear all files from the ‘Temp’ directory
- Reset all browsers to their default setting
- Clear the cache of any Booking.com cookies
- Reset all passwords, including your Booking.com extranet partner account(s) and any other stored passwords
- Report potentially malicious activity involving extranet access or guest reservations to our Security team
Protecting your organisation from malware
To avoid potential security breaches before they happen, we recommend taking the following proactive steps to protect your accounts and business from malware:
- Protect your passwords
Create unique and long passwords for your accounts, and use two-factor authentication to further protect these passwords. Stay in control of which mobile telephone numbers can receive PIN codes that we may send you for two-factor authentication. You might also consider using a password manager, which generates and stores your passwords in a location you can control.
- Use up-to-date antivirus software
Install an antivirus programme and make sure it’s always up-to-date. Be sure to use it to scan anything you download before you open it. Antivirus software also allows you to scan your entire computer for malware.
- Stay up-to-date with security patches and updates
Regular updates of all software on your desktop, laptop and mobile devices can prevent security issues. Software updates typically come with security updates that address software weaknesses that fraudsters use to try and gain unauthorised access to computers.
- Restrict who has access to your accounts, including the extranet
The more (extranet) accounts you have and the larger the number of individuals with access to your accounts, the higher your risk of malware infection or other malicious system access. Use multiple accounts and assign different privileges to separate extranet accounts, particularly if you manage multiple properties.
- Only download and install apps only from trusted sources
Only download and install apps from official app stores, and avoid downloading apps or other software that haven’t been updated for a long time or only downloaded by a limited number of users. Regularly uninstall apps and software from your computer and other devices that you haven't used for a long time.
- Control removable media
Control how removable media, such as USB drives, are used by your devices. Be sure to scan the contents of USB drives and memory cards when you connect these to your computers.
- Turn on your firewall
Firewalls provide protection against cyber attackers by shielding your computer or network from malicious or unnecessary network traffic. Firewalls can also prevent malicious software from accessing a computer or network via the internet. Most operating systems now include a firewall, so it may simply be a case of turning it on.
- Practice cybersecurity awareness
Remain vigilant about online security threats. Don’t open anything that looks suspicious or download anything from websites that you can’t verify as trustworthy. Treat non-public information with due care, making sure the information isn’t disclosed to unauthorised people. Organise regular cyber security training for employees on key threats, online safety, phishing, social engineering and online fraud.
- Limit the use of tools that grant online anonymity
We discourage the use of tools that grant anonymity (example, but not limited to Incognito mode) online while navigating your extranet. This will help us keep you safe.
Legal & Security
- Online security awareness: social engineering
- Online security awareness: phishing
- Preventing unauthorised use of your account
- Securing your account
- Requirements and regulations around surveillance devices
- Digital event security standards
- Guidelines for room key access
- Keeping your property clean and sanitary
- Equipping your home property with safety devices, safety kits and emergency plans
- Protecting your home property with security devices
- Partner Liability Insurance
- Identifying and acting on potential human trafficking of refugees from Ukraine
- Report a security issue
- Online security awareness: malware
- All about our messaging security settings
- Why you need to complete the Know Your Partner (KYP) form
- How can I remove a property or end my partnership with Booking.com?
- My property is under new ownership. What should I do?
- Our animal welfare standards
- Where to find your General Delivery Terms (GDT)
- Complying with European Union consumer law
- Mandatory host type (professional/private) assessment
- How does parity work?
- Offer transparency and clarity through simpler policies
- Our Supplier Code of Conduct
- Meeting legal requirements for tourist accommodation in French Polynesia
- Understanding Force Majeure
- Handling emergency closures
- Supporting partners in Ukraine during the war
- VAT and tax withholding legislation in Mexico
- Energy performance certificate requirements for properties in Spain
- Understanding short-term rentals
- Short-term rentals: FAQs
- DAC7: FAQs
- Everything you need to know about DAC7
- Non-discrimination guidelines when accepting or declining a booking request
- Laws and regulations for short-term rentals in Asia-Pacific
- Laws and regulations for short-term rentals in South America
- Laws and regulations for short-term rentals in North America
- Laws and regulations for short-term rentals in Europe, the Middle East and Africa
- Israel VAT display and additional charges
- Short-term rental licence requirements in New York City, NY
- Everything you need to know about Sharing Economy Reporting Regime (SERR)
- Everything you need to know about the Digital Services Act (DSA)
- Welcoming guests with assistance animals
- Statement on Non-discrimination, Harassment and Abuse
- Accommodation Agreement and General Delivery Terms
- Everything you need to know about the compliance centre