Online Security Awareness: Phishing

What's phishing?

Phishing is pretending to be someone else to steal money, data, or data to earn money. Phishing is the most common way that organizational breaches occur.

What do they want?

• Guest reservation data
• Personal info of employees and guests
• Credit card info
• To trick staff, compromise systems, or steal money

Who's the target of phishing?

Practically speaking, anyone with valuable data is a target. At Booking.com, our accommodation partners are targeted by phishing due to the type of sensitive and valuable data held on the Extranet.

Typical signs of a phishing email include:

1. Urgency

Phishing emails tend to create a false sense of urgency, such as "Your Extranet Account Is Suspended" or "Urgent: Financial suspension – log in to pay." Scammers will always adapt their techniques in order to make their phishing emails look as legitimate as possible.

2. Errors and mistakes

Phishing emails often include spelling errors or grammatical mistakes. If you spot numerous spelling/grammar mistakes or a mix of different languages in the same email, it’s likely a phishing email.

A phishing email will also be typically written entirely or partially in a language that doesn’t match your own. You can always check the real sender in the "From:" field of your email client and checking the sender located inside the arrowheads (“<”, “>”).

Note: A Booking.com email will always end in “booking.com”, regardless of the subdomain. For example, emails coming from an address like "support@booking-103266.com" aren't from Booking.com and are definitely malicious! Do not interact with such emails, and report them as spam instead.

What does phishing mean for you?

You probably get suspicious emails every day that are blocked by email filters – even though a few will always get through. Depending on your email client, these suspicious messages may be flagged, or automatically moved to the spam folder.

Note: Recently, we've seen attempts from scammers attempting to mimic our emails in order to phish your username and password to take over your account. These phishing emails can lead to a webpage that looks very similar to the Booking.com Extranet login page – but if you check the URL bar, you'll notice differences. The key to protecting your business is to report these emails to Booking.com as soon as you spot them.

What can I do to stay safe?

Manually type https://admin.booking.com/ into your browser. You'll see a secure lock icon next to the address. Bookmark this page and use this link to manage your property.

You'll find more info on verifying that a site is safe in How to prevent unauthorized use of your account.

Be vigilant! If you see a suspicious email, follow these tips to check and report them:

1. Don’t trust the display name!

Check the email address in the "From" header – if it looks suspicious, don’t open the email.

Note: Here are some examples of trusted Booking.com email addresses: noreply@booking.com noshow@booking.com @property.booking.com noreply-payments@booking.com customer.care@booking.com @guest.booking.com customer.service@booking.com invalid-cc@booking.com @mailer.booking.com email.campaign@sg.booking.com @partners.booking.com

2. Check links

It’s easy to hide the real destination of a link once it is embedded in an email, but luckily it’s also easy to double-check and find the real address both on desktop and mobile devices. Just hover your mouse over the link (or tap and hold on mobile devices) to see the real address behind a link.

If the address doesn't take you to an address ending in “.booking.com,” don’t click on it! Always report suspicious emails to the Booking.com security team – your report helps keep everyone secure.

3. Report suspicious email

You can do so by clicking here before moving the email to your trash.

I think I might have been phished! What do I do now?

Follow these steps to secure your account:

1. Reset your email account password first, then your Booking.com account password. To reset your Booking.com account, go to http://admin.booking.com, type in your username, then click "Having trouble signing in?"

2. Scan your device with an updated malicious software scanner. Not all phishing attacks steal passwords – some can have malicious software embedded in a "file" that may be malware, spyware, ransomware, or a virus. It's very important to scan your device if you think you clicked on a malicious link or downloaded unrecognized files.

3. Report it! Please contact Booking.com immediately to let us know that your account may have been compromised by a phishing attack. To help you and your guests as quickly as possible, your contract with Booking.com requires you to notify an actual or suspected account takeover within 24 hours. You can do this by contacting our security team here: Report a security issue

Don’t forget to include all relevant details, such as a copy of the suspicious email you received or any unrecognized activity in your account. Check this link for instructions on safely forwarding a suspicious email as an attachment.