Imitation may be considered the highest form of flattery. Bad actors on the internet, though, fall outside the consideration set. As phishing attempts become increasingly sophisticated, hoteliers need to stay vigilant and implement robust security measures. Many security measures include automation and technology. The first line of defense will always be the individual, be they a guest or an employee of the hotel.

At Revinate, we are here to work with you to protect your hotel and guests from these malicious attempts.

Best practices for prevention

Recognizing phishing attempts

The best way to prevent a phishing attack is to recognize it. Phishing attacks are often disguised as legitimate communications. Be on the lookout for:

  • Emails with urgent requests or threats
  • Messages containing unexpected attachments or links
  • Requests for sensitive information (such as login credentials, billing information, etc.)
  • Poor grammar or spelling errors
  • Suspicious sender email addresses

Secure your systems

  • Ensure all your vendors have MFA turned on. Revinate has implemented multi-factor authentication (MFA) for all accounts that are not Single Sign On
  • Use strong, unique passwords and a password manager
  • Regularly update and patch all software and systems

Train your staff

  • Conduct regular phishing awareness training sessions
  • Perform simulated phishing exercises to test staff readiness
  • Encourage a culture of security awareness and reporting

Protect your online presence

  • Never use search engines to access login pages, but bookmark them instead
  • Verify the authenticity of websites before entering credentials
  • Implement AI-based threat detection for email traffic

Safeguard guest information

  • Secure your hotel’s WiFi network
  • Educate guests about potential phishing risks
  • Use secure methods for handling guest payment information

Responding to phishing attempts

If you suspect a phishing attempt:

  1. Don’t click on any links or download attachments
  2. Report the incident to your IT department immediately
  3. If credentials were compromised, change passwords immediately
  4. Inform affected parties if any data breach occurred

Guest communication

If you believe someone at your hotel was duped by a phishing attack, and your guests may be impacted, immediately communicate with them using a clear, transparent, and actionable message.

Recommended communication

Dear Valued Guest,

At [Hotel Name], your safety and security are our top priorities. We want to help you protect yourself from potential online booking scams and ensure a worry-free travel experience.

Quick security tips: 🔒 Book directly: Always use our official website or verified booking platforms

💳 Secure payments: Only use encrypted payment methods

📱 Verify communications: We’ll never request sensitive information over the phone or via email. Scammers may try to impersonate a company through calls, texts, and emails.

Red flags to watch:

  • Unsolicited emails asking for personal details
  • Deals that seem too good to be true
  • Requests for immediate payment through unusual methods

How to protect yourself:

  • Verify website URLs
  • Use strong, unique passwords
  • Check sender email addresses carefully

If you have concerns, please contact our team directly at [Phone Number] or [Email Address].

Warmest regards,

Bad actors try to imitate Revinate, too

Email communication is not the only way the bad guys are trying to dupe your hotel employees. In December, the Securities Commission Malaysia released a list of potential clone companies, and we were made aware that an organization out there calling itself Revinate Tech Services was on that list. This list serves primarily as a warning for investors. Still, as a hotelier, you should also be aware that entities are trying to capitalize on Revinate’s brand and reputation.

Our customers have also alerted us to a website trying to copy us. Please be aware, and if you see a webpage like this, don’t click!

We’ve filed a complaint with the web hosting service, but the site remains active today. Bottom line, anyone who contacts you from Revinate Tech Services, Revinate Work Bench, or any other variation of our name…that’s not us!

Revinate takes data security very seriously. Modern phishing attacks can create challenges; we are here to help. We hope the information shared here will help your employees and guests be aware of (and avoid falling for) phishing attempts to grab valuable guest data. If you would like us to share further information on best practices to help prevent phishing against your employees, please let us know, and we will be happy to share the approach we take internally.

About Revinate

Revinate is a direct booking platform that leads the hospitality industry in driving direct revenue and increased profitability.

Our products and our people combine to give hoteliers the superpowers they need to crush their goals. With Revinate, hoteliers shift share away from OTAs and drive tangible results across an individual property or a portfolio. Our industry-leading, AI-powered, customer data platform collects, unifies and, synthesizes data giving hoteliers a foundational advantage.

Hoteliers gain critical intelligence – guest lifetime spend, stay preferences, ancillary revenue, and more. With our Rich Guest Profiles database, hoteliers don't need to guess who their most profitable guests are, or how to drive conversions across email, voice, messaging, and digital channels.

Revinate's direct booking platform and omnichannel communication technology powers 900+ million Rich Guest Profiles across 12,500+ hotels to drive over $17 billion in direct revenue.