Overview
Phishing is one of the most common ways hackers try to steal login details and payment information. Protecting your Cloudbeds account is crucial as the risk of data theft continues to rise. This guide explains how to recognize suspicious emails and take steps to keep your information secure.
You’ll find:
- A brief description of common phishing scams
- Helpful tips to identify phishing attempts
- Easy-to-follow recommendations to secure your Cloudbeds account
- Best practices you can share with your staff members
What is a phishing attack?
Wikipedia defines phishing as follows:
Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site.
Email spoofing is the creation of email messages with a forged sender address, often tricking the recipient into believing that the email is genuine.
Spam and phishing emails commonly use such spoofing to mislead the recipient about the origin of the message and thus take actions that could put account information (such as Guest PII Data or Credit Card Data) at risk.
Risks associated with phishing and email spoofing
When a phishing attack occurs, oftentimes the goal of the attacker is to obtain your login credentials, which would give the attacker access to your Cloudbeds account. If the attacker is able to gain access to your Cloudbeds account, they could then attempt to log in as you and view Guest Data, such as:
- First and Last Name
- Address
- Telephone
- Government identification information
- Reservation history
- Credit Card Details
- Etc.
How to protect your Cloudbeds account from phishing
Spoofed emails and phishing attacks can be very convincing, but there are ways to ensure that you are only taking action on genuine emails:
- Check that the email is from an official @cloudbeds.com domain (e.g. support@cloudbeds.com) and not from lookalikes such as @cloudbeds.xyz
- You will never receive any Cloudbeds emails from subdomains (ex: spam.cloudbeds.com) or a different domain extension (cloudbeds.xyz)
- Emails that include links and buttons to login to your account should be treated with extreme caution. Only log in at https://signin.cloudbeds.com.
- Cloudbeds will never ask for your password or login information via email
Before contacting support, check these three things:
- Sender’s email domain: only @cloudbeds.com is valid.
- Hover over hyperlinks: Cloudbeds login is always at signin.cloudbeds.com
- Cloudbeds will never ask for your password or payment via email.
Suspicious email examples
Important: These are just examples, and each phishing attack can look different.
- Alert and train your entire staff on the dangers of phishing listed above
- Ensure your staff are using strong, secure passwords
- Always be aware of suspicious emails (see examples above)
- Make sure you have 2FA (2 Factor Authentication) enabled for your account and users
- Important: The Cloudbeds team will never ask you for your password, 2FA verification code, or 2FA emergency code.
- If you ever get a call or email from Cloudbeds that you were not expecting and it seems strange, do not provide any information and open a Support ticket immediately.
- Reset your Cloudbeds login regularly.
Remember: Do not search on Google to log in, do not share login information, and don't approve random multi-factor authentication requests. We strongly recommend to bookmark the Cloudbeds login page.
Not sure if it’s phishing?
If you are still unsure about an email, do not click any links or reply. Learn how to report scammers impersonating Cloudbeds.
🔒 Remember: Your data is safe with us
Learn more about our Data Security here.
Comments
Please sign in to leave a comment.