Online security awareness: Malware

As a partner on our platform, you probably have access to a large amount of guest data, including names, addresses, credit card details, and phone numbers.

This means your Extranet account can be a tempting target for cyber criminals and fraudsters, who use a variety of techniques to try to gain access to this valuable data. Malware is one such technique, and it’s explained in this article. Two other common techniques are phishing and social engineering. 

In this article:

Understanding malware

Malware is an umbrella term for malicious software, including viruses, worms, trojan horses, and spyware. It’s used to disrupt computer operation, gather sensitive info, or gain access to private computer systems.

Malware is often used to acquire info such as personal identification numbers or details, bank or credit card numbers, and passwords. Once a machine or user is successfully attacked with malware, they’re referred to as “infected.”

The main objectives of malware are:

• Theft of sensitive data, such as financial details and sensitive corporate or personal info
• Gaining remote control and use of a machine
• Sending spam from an infected machine to unsuspecting targets
• Infiltrating an infected user’s local network

Common entry points and malware indicators

Common entry points for malware are:

• Phishing emails containing malicious links or attachments
• Application downloads from untrusted sources
• Malicious or hacked websites, such as those impersonating Booking.com
• Social engineering attempts to install remote access software, such as Anydesk, TeamViewer, or Screenconnect
• Malicious links or attachments shared via social media or instant messaging
• USB, flash, or external drives

Common indicators of a malware attack are:

• System slowness or an increase in CPU and memory usage
• Suspicious file downloads or deletions
• Unusual files or file extensions
• Browsers redirecting to unknown or random websites
• Browser pop-ups and ads
• An unusual screensaver and/or system crashes
• Increased internet traffic from the computer(s)

What to do if you suspect a malware attack

If you suspect your computer or laptop has been infected with malware, try performing one or more of the following steps:

• Perform a full anti-malware scan using reputable antivirus software
• Remove suspicious file downloads or installed applications
• Clear all files from the “Temp” directory
• Reset all browsers to their default setting
• Clear the cache of any Booking.com cookies
• Reset all passwords, including your Booking.com Extranet partner account(s) and any other stored passwords
• Report potentially malicious activity involving Extranet access or guest reservations to our Security team

Protecting your organization from malware

To avoid potential security breaches before they happen and protect your accounts and business from malware, we recommend taking the following proactive steps:

• Protect your passwords
  Create unique, long passwords for your accounts and use two-factor authentication to further protect these passwords. Stay in control of which mobile numbers can receive PIN codes that we may send you for two-factor authentication. Consider using a password manager, which generates and stores your passwords in a location you can control.
   
• Use up-to-date antivirus software
  Install an antivirus program and make sure it’s always up to date. Use it to scan anything you download before you open it. Antivirus software also allows you to scan your entire computer for malware.
   
• Stay up to date with security patches and updates
  Regular updates of all software on your desktop, laptop, and mobile devices can prevent security issues. Software updates typically come with security updates that address software weaknesses fraudsters use to gain unauthorized access to computers.
   
• Restrict who has access to your accounts, including on the Extranet
  The more Extranet accounts you have and the larger the number of individuals with access to them, the higher your risk of malware infection or other malicious system access. Use multiple accounts and assign different privileges to separate Extranet accounts, particularly if you manage multiple properties.
   
• Only download and install apps from trusted sources
  Only download and install apps from official app stores, and avoid downloading apps or other software that haven’t been updated for a long time, or were downloaded by a limited number of users. Regularly uninstall apps and software from your computer and other devices that you haven't used for a long time.
   
• Control removable media
  Control how removable media, such as USB drives, are used by your devices. Be sure to scan the contents of USB drives and memory cards when you connect them to your computers.
   
• Turn on your firewall
  Firewalls provide protection against cyber attackers by shielding your computer or network from malicious or unnecessary network traffic. Firewalls can also prevent malicious software from accessing a computer or network via the internet. Most operating systems now include a firewall, so you might just need to turn it on.
   
• Practice cybersecurity awareness
  Stay vigilant about online security threats. Don’t open anything that looks suspicious or download anything from websites you can’t verify as trustworthy. Treat non-public info with due care, making sure it isn’t disclosed to unauthorized people. Organize regular cyber security trainings for employees on key threats, online safety, phishing, social engineering, and online fraud.

• Limit the use of tools that grant online anonymity 
  We discourage the use of tools that grant anonymity (e.g. Incognito, private modes, etc.) online while navigating the Extranet. This will help us keep you safe.