Protecting online data matters more than ever as account and data theft become more frequent. It is paramount that we all strengthen our efforts to keep this data out of the hands of potential threat actors.
To that end, Cloudbeds has developed the following security recommendations. Please follow the steps in this article to help maintain the security of your Cloudbeds account.
Understanding Phishing Attacks
Phishing attacks are becoming increasingly common, especially in the hospitality industry. Read on to learn more about phishing and what you can do to prevent it.
What is Phishing?
Per Wikipedia, phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site.
What is Email Spoofing?
Email spoofing is the creation of email messages with a forged sender address, often tricking the recipient into believing that the email is genuine. Spam and phishing emails commonly use spoofing to mislead the recipient about the origin of the message, leading them to take actions that could put account information (such as Guest PII Data or Credit Card Data) at risk.
What risks are associated with phishing and email spoofing?
When a phishing attack occurs, the attacker's goal is often to obtain your login credentials, which would give the attacker access to your Cloudbeds account. With that access, they could log in as you and view Guest Data, such as:
- First and Last Name
- Government identification information
- Reservation history
- Credit Card Details
How do I know if the email I received is real?
Spoofed emails and phishing attacks can be very convincing, but there are ways to ensure that you are only taking action on genuine emails:
- Verify that all emails come from a cloudbeds.com email address
- You will never receive any Cloudbeds emails from a subdomain (e.g. spam.cloudbeds.com) or a different domain extension (e.g. cloudbeds.xyz)
- Emails that include links and buttons to log in to your account should be treated with extreme caution
- Cloudbeds will never ask for your password or login information via email
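For teams that triage reported messages, the sender checks above can be automated. The following is an added example, not Cloudbeds code: the function names and sample headers are constructed, and it assumes your receiving mail server records a DMARC result in an Authentication-Results header and strips any such header it did not write.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAIN = "cloudbeds.com"  # the only sender domain the checklist accepts

def classify_sender(raw_message: str) -> str:
    """Apply the checklist to one raw email and return a verdict string."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if not domain:
        return "reject: no parsable sender address"
    if domain.endswith("." + TRUSTED_DOMAIN):
        return "reject: subdomain of cloudbeds.com"
    if domain != TRUSTED_DOMAIN:
        if domain.split(".")[0] == "cloudbeds":
            return "reject: different domain extension"
        if "cloudbeds" in display.lower():
            return "reject: display name imitates Cloudbeds"
        return "reject: not a cloudbeds.com address"
    # A From address can be forged, so an exact match is accepted only when
    # the receiving server recorded a DMARC pass. Assumption: the server
    # strips Authentication-Results headers it did not write itself.
    results = " ".join(msg.get_all("Authentication-Results", [])).lower()
    if re.search(r"\bdmarc=pass\b", results):
        return "ok: cloudbeds.com address with DMARC pass"
    return "suspicious: cloudbeds.com address without DMARC pass"

def build(from_header: str, auth: str = "") -> str:
    """Assemble a minimal constructed message for the demonstration."""
    headers = [f"From: {from_header}", "Subject: Action required"]
    if auth:
        headers.insert(0, f"Authentication-Results: {auth}")
    return "\n".join(headers) + "\n\nPlease log in.\n"

# Constructed sample messages, not taken from real mail.
SAMPLES = [
    build("Cloudbeds <billing@cloudbeds.com>",
          "mx.hotel.example; dmarc=pass header.from=cloudbeds.com"),
    build("Cloudbeds <billing@cloudbeds.com>"),            # forged From, no DMARC
    build("Cloudbeds <billing@spam.cloudbeds.com>"),       # subdomain
    build('"Cloudbeds Support" <billing@cloudbeds.xyz>'),  # other extension
    build('"Cloudbeds Billing" <alerts@mailer.example>'),  # display-name trick
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(classify_sender(raw))
```

A message that passes these checks still deserves caution if it contains login links or asks for credentials, as the remaining checklist items state.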
Suspicious Email Examples
Here are some examples of phishing emails that should NOT be trusted. Again, these are just examples and each phishing attack can look different.
Safeguarding against Phishing Attempts
While the threat of phishing attacks is real, the good news is that you can absolutely prevent them by following safe email and security practices.
Here are some best practices you can take to help keep your account secure:
- Alert and train your entire staff on the dangers of phishing listed above
- Ensure your staff are using strong, secure passwords
- Always be aware of suspicious emails (see examples above)
- Make sure you have 2FA (Two-Factor Authentication) enabled for your account and users
- Important: The Cloudbeds team will never ask you for your password, your 2FA verification code, or your 2FA emergency code.
- If you ever get a call/email from Cloudbeds that you were not expecting and it seems strange, please do not provide any information and open a Support ticket immediately.
- Reset your Cloudbeds login regularly