If you receive a booking inquiry or guest message that looks suspicious or fraudulent, this guide tells you exactly what to do. This is different from an account compromise - your Cloudbeds account is not affected, but you may be the target of an attempt to extract payment, personal information, or action from your property.
What suspicious booking messages look like
Fraudulent inquiries can arrive through any channel - a booking platform, email, in-platform messaging via GX or Whistle, or a direct inquiry form. Common patterns include:
- A "guest" asking you to process a payment outside your normal booking flow, or to send a refund to a different card or bank account
- An inquiry containing a link you are asked to click to "confirm" a booking or access a document
- A message requesting that you move communication off the booking platform to email or WhatsApp
- An unusually large or complex group booking accompanied by urgency, a request for a deposit wire transfer, or an unusual payment method
- A message that appears to be from a booking platform (Booking.com, Airbnb, Expedia) asking you to verify your account or payment details by clicking a link
What to do
1. Do not respond, click any links, or take any action requested in the message.
Do not send payment information, confirm bank details, download attachments, or follow any instructions in the message until you have verified it is legitimate through an independent channel.
2. Do not delete or dismiss the message.
Keep the original message exactly as it arrived. Do not mark it as spam or archive it yet - the content is needed for investigation.
3. Take a screenshot or copy the full message.
Capture the full message including the sender name, email address or username, timestamp, and the complete message body. If the message contains a link, copy the URL as plain text - do not click it.
4. If the message arrived via a booking platform, verify independently.
Log in directly to the booking platform's extranet (not via any link in the message) and check whether the inquiry, reservation, or communication exists there. Legitimate platform messages will always be visible in your official extranet inbox.
5. Contact Cloudbeds Support.
Forward your screenshot and a description of what you received to support@cloudbeds.com. Include:
- The channel the message arrived through (email, GX/Whistle, OTA, other)
- The sender name and address or username
- The date and time you received it
- What action the message was asking you to take
- Whether anyone at your property responded to or acted on the message before it was identified as suspicious
Our team will review it and advise on next steps.
If someone at your property already responded or took action
If a staff member sent payment information, clicked a link, or provided personal or banking details before the message was identified as suspicious, treat this as an active incident and act immediately:
- Contact your bank or payment processor if financial details were shared
- Change any passwords or credentials that may have been provided
- Contact Cloudbeds Support urgently and flag that action was taken
If your Cloudbeds account credentials were entered anywhere, follow the full steps in: Suspected Phishing or Compromised Account: Emergency Plan
A note on common scam patterns in hospitality
Fraudulent booking inquiries are a known and frequent threat in the hotel industry. Attackers target properties specifically because front desk staff are trained to be helpful and responsive to guest requests. The most effective protection is a simple rule: **any request involving payment, credentials, or urgent action that arrived unexpectedly should be verified through an independent channel before acting on it. When in doubt, do not act - contact support first.
Comments
Please sign in to leave a comment.