Online security awareness: Phishing and email spoofing

Updated 2 weeks ago

As a partner on our platform, you probably have access to a large amount of guest data, including names, addresses, credit card details, and phone numbers.

This means your Extranet account can be a tempting target for cybercriminals and scammers, who use a variety of techniques to try to gain access to this valuable data. Phishing is one of those techniques, which we explain in this article. Two other common techniques are malware and social engineering.

In this article:

Understanding phishing

Phishing is a type of cyber attack carried out by a scammer pretending to be someone else in order to steal money or data. Phishing is the most common method by which organizational breaches occur.

Phishing attempts are usually aimed at stealing:

  • Guest reservation data
  • Personal info of employees and guests
  • Credit card info
  • Money, by tricking staff or compromising systems

Phishing attacks most commonly target individuals or organizations with valuable data. Accommodation partners like you can become targets because of the sensitive and valuable data stored on the Extranet. Scammers may attempt to mimic our emails in order to phish your username and password for the purpose of taking over your account. These phishing emails can lead to a webpage that looks very similar to the Extranet log-in page – but if you look at the URL address bar, you’ll notice differences. The key to protecting your business is to report these emails to us as soon as you spot them.

If we detect suspicious activity in your Extranet account, we’ll immediately disable the link feature in any messages you send your guests via our platform. This is to prevent cybercriminals from impersonating you and exploiting this messaging channel to send fraudulent payment links to guests, particularly in the event of a phishing attack on your property.

Understanding email spoofing

Email spoofing is a technique cybercriminals use to trick you into believing an email came from a trusted sender by falsifying the sender’s email address. Spoofed emails can be used for several malicious purposes including phishing attacks, spreading malware, scams, or targeted cyberattacks. 

We use Domain-based Message Authentication, Reporting and Conformance (DMARC) to protect our platform and partners like you from email spoofing. DMARC is an email authentication standard that allows email receivers to verify the authenticity of a message. We have a strict policy, which means your email system should reject messages that don’t pass authenticity checks. 

While this standard reduces the risk of receiving spoofed emails, there are some scenarios where spoof emails are still delivered. This depends on the configuration of your systems. For example, if you experience network issues that delay authentication, some systems are configured to deliver the unauthenticated message instead of deferring it.

Identifying phishing attempts

You probably receive suspicious emails every day. Depending on your email client, these suspicious messages may be flagged or automatically moved to the spam folder, but some may get through. You can spot these by keeping an eye out for:

  • Urgent language
    Phishing emails tend to create a false sense of urgency, such as threats of your Extranet account being suspended, or an urgent email about your financial situation. Scammers will always adapt their techniques to make their phishing emails look as legitimate as possible. 
  • Errors and mistakes
    Keep an eye out for spelling errors or grammatical mistakes. If you spot numerous mistakes or a mix of different languages in the same email, it’s likely a phishing email. Phishing emails are also typically written in a mix of different languages. You can always check who the real sender is in the “From:” field of your email client, or by checking the sender inside the arrowheads (“<,” “>”). Emails from always come from an address ending in “,” regardless of the subdomain (e.g. An email address like “” isn’t from and is definitely malicious. Don’t interact with such emails – report them as spam instead.
  • Urgent requests without previous communication will never make urgent requests without sending prior communication. If you receive a suspicious email requesting urgent action, don’t take any steps until you contact your Account Manager or Customer Service. This will allow us to check whether any internal updates were made and to report the email to the Security team if necessary.
  • Incorrect sender email addresses
    Don’t automatically trust the email display name. Check the email address in the “From” header. If it looks suspicious, don’t open the email. Here are a few examples of trusted email addresses:
  • Foreign links
    Scanning the links you receive can help you prevent cyberattacks and improve your awareness of potential cybersecurity risks. There are a few ways to check links:
    • Check the real destination of a link by hovering your mouse over it or by tapping and holding the link if you’re on a mobile device. If the link doesn’t take you to an address ending in “,” don’t click it. 
    • There are also online tools and services designed to analyze and scan URLs for potential threats and malicious content. 

What to do if you suspect a phishing attempt

If you suspect your computer or laptop has been infected with malware, try performing one or more of the following steps:

  • Reset your email account password first, then reset your account password. To do this, go to, type in your username, then click “Having trouble signing in?”
  • Scan your device with an updated malware scanner. Not all phishing attacks steal passwords – some can have malicious software embedded in a file that may be malware, spyware, ransomware, or a virus. It’s very important to scan your device if you think you’ve clicked a malicious link or downloaded unrecognized files.
  • Report security issues within 24 hours of a suspected or actual phishing attack. This allows us to start securing your account to protect your business and guests as quickly as possible. Don’t forget to include all relevant details, such as a copy of the suspicious email you received or any unrecognized activity in your account. Read these instructions on how to safely forward a suspicious email as an attachment.

How to download suspicious emails in order to report them

To report a suspicious email, you’ll need to download it in .eml/.msg format. There are different ways to do this depending on your email provider and client.


  1. Open the email you want to download
  2. Click the three dots in the upper-right corner of the email
  3. Select “Download message” to download it in .eml format

Outlook (web):

  1. Open the email
  2. Click the three dots in the toolbar above the email
  3. Select “View message source” to view the email in .eml format
  4. To download it as .msg, you might have to open the email in the desktop version of Outlook and use the “Save as” option

Yahoo Mail:

  1. Open the email
  2. Click “More” (three dots)
  3. Select “Download message” to download it in .eml format

Microsoft Outlook (desktop):

  1. Open the email
  2. Click “File” in the menu
  3. Click “Save as” and select the .msg format

Apple Mail:

  1. Open the email
  2. Right-click the email
  3. Click “Save as” and select the .eml format


  1. Open the email in Thunderbird
  2. Right-click the email
  3. Click “Save as” and select the .eml format

Note: These instructions may change with updates to the email platforms and clients. Always check the specific options available in your email client for the most accurate guidance.

Protecting your organization from phishing attempts

To prevent security breaches, we recommend taking the following proactive steps to protect yourself from scammers impersonating

  • Bookmark the correct Extranet link
    Manually type into your browser. You’ll see the secure lock icon next to the address. Bookmark this page and use this link to manage your property. Learn more about preventing unauthorized use of your account in this article.
  • Report suspicious emails
    Always report suspicious emails to the Security team, then move the email to trash. 
  • Limit the use of tools that grant online anonymity
    To stay safe, we recommend not using tools that grant anonymity online (e.g. Incognito mode) while navigating the Extranet.
  • Review your email service provider solutions
    Popular email providers have put in place smart solutions to tackle phishing scams. For example, Gmail offers a range of tools and settings outlined in their support documentation to help users stay safe. Make sure you check what protections they have in place and how you can make the most of them.

You can now access all your legal messages and updates anytime, all in one place.

Read more


Is this article helpful?