Protecting your business against new cybercrime tactics

Security and the protection of personal data is a top priority at Booking.com, with trust and safety at the heart of our platform. With coronavirus accelerating the digital transformation of many companies, cybercrime is on the rise as criminals look to capitalize on the current climate. Although actual incidents are rare—our dedicated teams leverage industry-leading technology to monitor, detect, and block suspicious activity around the clock—we want to arm you with all the info and resources you need to keep your business and the personal data you have access to safe on our platform.

Remote desktop access scams

While the two main security threats remain phishing and social engineering, attacks are growing in sophistication and scammers are using new techniques to lure victims. One social engineering technique gaining popularity since the start of the pandemic is remote desktop access scams, with criminals exploiting the reality of many people now working remotely. These attackers persuade you to install remote access software on your computer such as AnyDesk, TeamViewer, and GoToMeeting, allowing scammers to control your device and access personal info.

These scammers typically pose as a member of tech support, with the actor following a script under the guise of helping you. They may sound professional, knowledgeable, and create a sense of urgency to resolve issues on your behalf, all the while using technical jargon to intimidate you into turning over your information. It’s important to remember Booking.com employees will never request or require your Extranet credentials, 2FA codes, or ask for remote desktop access to any of your devices. 

While remote desktop access software can serve a legitimate purpose, it’s worth reviewing and deleting any third-party remote access applications if they’re not needed for your day-to-day operations, along with revisiting which employees have user permissions to install new ones. Doing so can avoid these kinds of applications being used by scammers maliciously.

How to recognize social engineering and phishing

In the below video session from Click. 2021, Valentina Bonsi, Director of Cybersecurity, and Ben Carrall, Director of Global Security, join Security Awareness and Communications Manager Amir Naveh to discuss phishing and social engineering in detail. Learn from our experts all about the tell-tale signs of an attack, tips to stay safe against online threats, who cybercriminals are most likely to target, and why. 

While we’re continuously innovating our processes and systems to ensure robust security on our platform, it’s crucial you remain vigilant. If you suspect you may have been targeted by a cybercriminal, have provided sensitive info to an unauthorized third party, or have noticed suspicious activity on your account, you must always report this to our security team within 24 hours via report.booking.com. Our teams can then immediately investigate further and take necessary corrective measures if required.