Preventing unauthorised use of your account

Updated 3 months ago | 4 min read time
Save

If you suspect that your account has been accessed by an unauthorised party, receive an unrecognised ‘new sign-in’ email or notice changes that you did not make, your account may have been compromised. Read on to learn how to recognise unauthorised use of your account and how to keep it secure.


What’s in this article:


Recognising signs of unauthorised use

Your Booking.com extranet account has valuable information that fraudsters may try to target, such as personal data and payment details from guests. If an unauthorised third party is able to gain access to your account, you may be able to tell from these signs:

  • Guests receiving messages or phone calls asking for payments that do not originate from you.
  • Unrecognised changes to your property details, such as contact information, rates and availability, content or channel manager changes.
  • Notification emails from Booking.com stating that your account was accessed from a new, unrecognised location.
  • New, unrecognised phone numbers for two-factor authentication (2FA) or user accounts added to your property.

Protecting your account from unauthorised use

There are several steps you can take to protect your account from unauthorised use:

  • Pay attention to the message you receive – look out for strange, unexpected or seemingly urgent requests, spelling mistakes, bad grammar and/or claims of sudden changes in processes or extenuating circumstances. Be mindful of shortened links and if you spot one, don’t click on it.
  • Sign in through the Booking.com sign-in page – you can verify that you’re on our trusted website (and not a fraudulent duplicate website) by checking our SSL certificate details.
  • Install protective software – install anti-virus and anti-phishing software and keep them up-to-date. Be sure to always update your operating system (OS) so that you’re running the latest version with the latest security updates on all your devices. Only download and install apps from trusted sources.
  • Communicate through Booking.com – avoid using WhatsApp or other outside channels when communicating with your guests or with us.
  • Avoid anonymity – we discourage the use of tools that grant anonymity online while navigating your extranet, as this makes it harder for us to keep your account safe.
  • Choose a strong password – it should contain at least ten characters, including uppercase letters, lowercase letters, numbers and special characters. Your password shouldn’t contain any sensitive information that can be easy to guess, such as your name, email address or date of birth.
  • Don’t reuse passwords – reusing the same password for different services makes it easier for fraudsters to hack your account. For example, if you’re using the same password for Booking.com and another website, and that website suffers a data breach, attackers might try to use these credentials to access your Booking.com account.
  • Create individual extranet accounts – avoid sharing accounts between employees, and be sure to add 2FA to all your work applications, such as email.

To check an SSL certificate in your browser, click the padlock icon or tune icon (commonly used to indicate control or settings) in the browser’s URL address bar, and then:

  • On Chrome, click Connection is secure and Certificate is valid 
  • On Safari, click Show Certificate 
  • On Firefox, click on Connection secure then More information

The SSL certificate should include the following information:

  • Issued by: DigiCert Inc
  • Issued to: Booking.com BV
  • Validity: ‘This certificate is valid’ or shown as valid by the expiry date

Securing your account after it has been maliciously accessed

If your account has been maliciously accessed, you should take the following steps immediately to secure it:

  1. Run updated antivirus and anti-phishing software on all your devices.
  2. Reset your email account password.
  3. Reset your Booking.com account password. To do so, go to the extranet sign-in page, click Having trouble signing in?, click Forgot your password?, enter your username and click Send reset link.
  4. Once you’ve signed in to your account, check all your information to see if anything has changed, such as your personal information, preferred language or booking history.
  5. Report the incident to our Security team within 24 hours so that we can take steps to protect your account and your guests’ information.

Don’t forget to include all relevant details, such as changes to your account or suspicious charges on your credit card.

 

You can now access all your legal messages and updates anytime, in one place.

Read more

Is this article helpful?