Overview
Protecting our online data is crucial as the risk of account and data theft continues to rise. It is important to take steps to strengthen and enhance your data security, preventing potential threat actors from accessing it.
This article includes:
- A brief description of common phishing attacks
- Helpful tips to identify phishing attacks
- Easy-to-follow recommendations to protect your Cloudbeds account
- Best practices to keep in mind and share with your staff members
Phishing attacks
Wikipedia defines phishing as follows:
Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site.
Email spoofing is the creation of email messages with a forged sender address, often tricking the recipient into believing that the email is genuine.
Spam and phishing emails commonly use such spoofing to mislead the recipient about the origin of the message and thus take actions that could put account information (such as Guest PII Data or Credit Card Data) at risk.
Risks associated with phishing and email spoofing
When a phishing attack occurs, oftentimes the goal of the attacker is to obtain your login credentials, which would give the attacker access to your Cloudbeds account. If the attacker is able to gain access to your Cloudbeds account, they could then attempt to log in as you and view Guest Data, such as:
- First and Last Name
- Address
- Telephone
- Government identification information
- Reservation history
- Credit Card Details
- Etc.
Protect your account
Spoofed emails and phishing attacks can be very convincing, but there are ways to ensure that you are only taking action on genuine emails:
- Verify that all emails come from a cloudbeds.com email address (e.g. support@cloudbeds.com)
- You will never receive any Cloudbeds emails from subdomains (ex: spam.cloudbeds.com) or a different domain extension (cloudbeds.xyz)
- Emails that include links and buttons to login to your account should be treated with extreme caution
- Cloudbeds will never ask for your password or login information via email
Suspicious email examples
Important: These are just examples, and each phishing attack can look different.
- Alert and train your entire staff on the dangers of phishing listed above
- Ensure your staff are using strong, secure passwords
- Always be aware of suspicious emails (see examples above)
- Make sure you have 2FA (2 Factor Authentication) enabled for your account and users
- Important: The Cloudbeds team will never ask you for your password, 2FA verification code, or 2FA emergency code.
- If you ever get a call or email from Cloudbeds that you were not expecting and it seems strange, do not provide any information and open a Support ticket immediately.
- Reset your Cloudbeds login regularly.
- Remember: Do not search on Google to log in, do not share login information, and don't approve random multi-factor authentication requests. We strongly recommend to bookmark the Cloudbeds login page.
- Learn how to report scammers impersonating Cloudbeds.
Remember: Your data is safe with us
🔒 Learn more about our Data Security here.
Comments
Please sign in to leave a comment.