Online security awareness: Malware
As a partner on our platform, you probably have access to a large amount of guest data, including names, addresses, credit card details, and phone numbers.
This means your Extranet account can be a tempting target for cyber criminals and fraudsters, who use a variety of techniques to try to gain access to this valuable data. Malware is one such technique, and it’s explained in this article. Two other common techniques are phishing and social engineering.
In this article:
Malware is an umbrella term for malicious software, including viruses, worms, trojan horses, and spyware. It’s used to disrupt computer operation, gather sensitive info, or gain access to private computer systems.
Malware is often used to acquire info such as personal identification numbers or details, bank or credit card numbers, and passwords. Once a machine or user is successfully attacked with malware, they’re referred to as “infected.”
The main objectives of malware are:
- Theft of sensitive data, such as financial details and sensitive corporate or personal info
- Gaining remote control and use of a machine
- Sending spam from an infected machine to unsuspecting targets
- Infiltrating an infected user’s local network
Common entry points and malware indicators
Common entry points for malware are:
- Phishing emails containing malicious links or attachments
- Application downloads from untrusted sources
- Malicious or hacked websites, such as those impersonating Booking.com
- Social engineering attempts to install remote access software, such as Anydesk, TeamViewer, or Screenconnect
- Malicious links or attachments shared via social media or instant messaging
- USB, flash, or external drives
Common indicators of a malware attack are:
- System slowness or an increase in CPU and memory usage
- Suspicious file downloads or deletions
- Unusual files or file extensions
- Browsers redirecting to unknown or random websites
- Browser pop-ups and ads
- An unusual screensaver and/or system crashes
- Increased internet traffic from the computer(s)
What to do if you suspect a malware attack
If you suspect your computer or laptop has been infected with malware, try performing one or more of the following steps:
- Perform a full anti-malware scan using reputable antivirus software
- Remove suspicious file downloads or installed applications
- Clear all files from the “Temp” directory
- Reset all browsers to their default setting
- Clear the cache of any Booking.com cookies
- Reset all passwords, including your Booking.com Extranet partner account(s) and any other stored passwords
- Report potentially malicious activity involving Extranet access or guest reservations to our Security team
Protecting your organization from malware
To avoid potential security breaches before they happen and protect your accounts and business from malware, we recommend taking the following proactive steps:
- Protect your passwords
Create unique, long passwords for your accounts and use two-factor authentication to further protect these passwords. Stay in control of which mobile numbers can receive PIN codes that we may send you for two-factor authentication. Consider using a password manager, which generates and stores your passwords in a location you can control.
- Use up-to-date antivirus software
Install an antivirus program and make sure it’s always up to date. Use it to scan anything you download before you open it. Antivirus software also allows you to scan your entire computer for malware.
- Stay up to date with security patches and updates
Regular updates of all software on your desktop, laptop, and mobile devices can prevent security issues. Software updates typically come with security updates that address software weaknesses fraudsters use to gain unauthorized access to computers.
- Restrict who has access to your accounts, including on the Extranet
The more Extranet accounts you have and the larger the number of individuals with access to them, the higher your risk of malware infection or other malicious system access. Use multiple accounts and assign different privileges to separate Extranet accounts, particularly if you manage multiple properties.
- Only download and install apps from trusted sources
Only download and install apps from official app stores, and avoid downloading apps or other software that haven’t been updated for a long time, or were downloaded by a limited number of users. Regularly uninstall apps and software from your computer and other devices that you haven't used for a long time.
- Control removable media
Control how removable media, such as USB drives, are used by your devices. Be sure to scan the contents of USB drives and memory cards when you connect them to your computers.
- Turn on your firewall
Firewalls provide protection against cyber attackers by shielding your computer or network from malicious or unnecessary network traffic. Firewalls can also prevent malicious software from accessing a computer or network via the internet. Most operating systems now include a firewall, so you might just need to turn it on.
- Practice cybersecurity awareness
Stay vigilant about online security threats. Don’t open anything that looks suspicious or download anything from websites you can’t verify as trustworthy. Treat non-public info with due care, making sure it isn’t disclosed to unauthorized people. Organize regular cyber security trainings for employees on key threats, online safety, phishing, social engineering, and online fraud.
- Limit the use of tools that grant online anonymity
We discourage the use of tools that grant anonymity (e.g. Incognito, private modes, etc.) online while navigating the Extranet. This will help us keep you safe.
Legal & Security
- Making Pulse even more secure
- Online security awareness: social engineering
- Online security awareness: Phishing
- Preventing unauthorized use of your account
- Securing your account
- Requirements and regulations for surveillance devices
- Digital event security standards
- Guidelines for room key access
- Keeping your property safe and clean
- Equipping your home property with safety devices, safety kits, and emergency plans
- Protecting your home property with security devices
- Partner Liability Insurance
- Identifying and acting on potential human trafficking of refugees from Ukraine
- Report a security issue
- Online security awareness: Malware
- Why you need to complete the Know Your Partner (KYP) form
- Local laws and regulations
- How do I remove a property or end my partnership with Booking.com?
- My property is under new ownership. What should I do?
- Our animal welfare standards
- Booking.com Animal Welfare Standards for experience partners
- Where can I find my General Delivery Terms (GDT)?
- Complying with European Union consumer law
- Mandatory host type (professional/private) assessment
- How does parity work?
- Our values and guidelines
- Offer transparency and clarity through simpler policies
- Our Supplier Code of Conduct
- Understanding Force Majeure
- Handling emergency closures
- VAT and tax withholding legislation in Mexico
- Understanding short-term rentals
- Short-term rentals: FAQs
- DAC7: FAQs
- Everything you need to know about DAC7
- Non-discrimination guidelines when accepting or declining a booking request
- Laws and regulations for short-term rentals in North America
- Short-term rental license requirements in New York City