Due to ongoing phishing campaigns impacting hospitality businesses across the industry, Cloudbeds Guest Experience has implemented additional security measures to help protect customer communications and media sharing.
These enhancements are designed to improve message safety, reduce malicious activity, and ensure a more secure experience for both properties and guests.
Additional Security Layer: Step-up Authentication
In addition to the protections listed below, Cloudbeds also provides another security layer through Step-up Authentication in Guest Experience (GX). Users accessing the Messaging Approved Links setting may be prompted to re-authenticate before making changes if they have not recently completed step-up verification. To learn more, see Step-up Authentication in Guest Experience (GX).
Media Attachment Security
Every image or file uploaded through Whistle is automatically scanned for potential security threats before it can be downloaded.
This malware detection process helps identify:
- Viruses
- Malicious file content
- Potentially harmful attachments
If a file is identified as unsafe, it may be blocked from download to protect users and devices.
QR Link Detection
QR codes contained within uploaded attachments are also subject to security scanning.
Supported Behavior
- QR codes containing URLs may be scanned and flagged if considered suspicious or unsafe.
- QR codes containing non-URL content, such as WiFi password strings or plain text data, are not flagged.
This additional layer of protection helps reduce phishing attempts and malicious redirect activity.
Supported Media Upload File Types
For security purposes, media uploads are currently limited to the following file types:
image/jpegimage/jpgimage/pngimage/gifimage/webpimage/heic
Files outside of these supported formats may be rejected during upload.
Link Security
External links containing unapproved domains may be blocked if the base domain has not been added to your property's Messaging Approved Links list.
Automatically Approved Cloudbeds Links
The following Cloudbeds-related links are automatically allowed:
- Guest Portal links
- Booking Engine links
- Other internal Cloudbeds domains
Managing Messaging Approved Links
Messaging Approved Links can now be managed directly within Guest Experience without contacting Cloudbeds Support.
Authorized users can add and manage approved domains from the Messaging Approved Links setting in Guest Experience.
Because these settings affect message security, access is protected by Step-up Authentication. Users may be prompted to re-authenticate before making changes if they have not recently completed step-up verification.
Managing Approved Domains
If a message is blocked because it contains an unapproved external link, authorized users can add the base domain directly from the Messaging Approved Links setting in Guest Experience.
Once a base domain is approved:
- All links from that domain will send normally
- Subpages are automatically included
- UTM parameter variations are also supported
Example:
example.comexample.com/offersexample.com/?utm_source=email
All would be permitted once example.com is approved.
Comments
Please sign in to leave a comment.