Security recommendations to protect your Cloudbeds account

Overview

Protecting our online data is crucial as the risk of account and data theft continues to rise. It is important to take steps to strengthen and enhance your data security, preventing potential threat actors from accessing it.

This article includes:

  • A brief description of common phishing attacks
  • Helpful tips to identify phishing attacks
  • Easy-to-follow recommendations to protect your Cloudbeds account
  • Best practices to keep in mind and share with your staff members

Phishing attacks

Wikipedia defines phishing as follows:

Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site.
Email spoofing

Email spoofing is the creation of email messages with a forged sender address, often tricking the recipient into believing that the email is genuine.

Spam and phishing emails commonly use such spoofing to mislead the recipient about the origin of the message and thus take actions that could put account information (such as Guest PII Data or Credit Card Data) at risk.

Risks associated with phishing and email spoofing 

When a phishing attack occurs, oftentimes the goal of the attacker is to obtain your login credentials, which would give the attacker access to your Cloudbeds account. If the attacker is able to gain access to your Cloudbeds account, they could then attempt to log in as you and view Guest Data, such as:

  • First and Last Name
  • Address
  • Telephone
  • Government identification information
  • Reservation history
  • Credit Card Details
  • Etc.
Pop-up phishing
Pop-up phishing tricks you by displaying a pop-up claiming there are issues with your computer (such as security issues) The pop-up encourages the user to click somewhere in it and download malware disguised as a regular file.
Whaling
Whaling targets high-level executives to gain deep access to sensitive areas of the user's network and obtain important information. This type of phishing attack encourages users to enter credentials and other sensitive data.
Search engine phishing
With search engine phishing, hackers manipulate search engine results to make their malicious link the top one. Users are then taken to a fake website to provide important key information, which is eventually stolen.

Protect your account

Identify phishing attacks

Spoofed emails and phishing attacks can be very convincing, but there are ways to ensure that you are only taking action on genuine emails:

  • Verify that all emails come from a cloudbeds.com email address (e.g. support@cloudbeds.com)
  • You will never receive any Cloudbeds emails from subdomains (ex: spam.cloudbeds.com) or a different domain extension (cloudbeds.xyz)
  • Emails that include links and buttons to login to your account should be treated with extreme caution
  • Cloudbeds will never ask for your password or login information via email

Suspicious email examples

Important: These are just examples, and each phishing attack can look different.

Identify phishing attacks 1.png

Identify phishing attacks 2.png

Identify phishing attacks 3.png

Best practices
  • Alert and train your entire staff on the dangers of phishing listed above
  • Ensure your staff are using strong, secure passwords
  • Always be aware of suspicious emails (see examples above)
  • Make sure you have 2FA (2 Factor Authentication) enabled for your account and users
  • Important: The Cloudbeds team will never ask you for your password, 2FA verification code, or 2FA emergency code.
  • If you ever get a call or email from Cloudbeds that you were not expecting and it seems strange, do not provide any information and open a Support ticket immediately.
  • Reset your Cloudbeds login regularly.
Some takeaways

Remember: Your data is safe with us

🔒 Learn more about our Data Security here.

Was this article helpful?
2 out of 2 found this helpful

Comments

0 comments

Please sign in to leave a comment.