Skip to main content
Solved

Fake emails

  • April 11, 2025
  • 3 replies
  • 148 views
N

Phishing emails sent to guests – are others experiencing this?

We are currently experiencing an issue where fraudulent emails are being sent to our guests. These emails contain their reservation number and urge them to enter their credit card details via a link.

What’s particularly concerning is that the emails include both the correct email address and reservation number for upcoming stays.

We use Mews as our only system where both guest email addresses and reservation numbers are stored – so we would like to know if others are experiencing similar issues or are aware of any potential security breach in Mews?

Best answer by marc agilotel

Hi ​@Nanna 

Yes, this is a well-known problem and affected several of our customers in the past.. Most likely cause is that one of your staff members either googled the Mews Login page and was redirected to a fake page, or clicked on a false link in an email.

This then directs the user to a fake login page, where they enter their credentials and 2FA authentication. The user is then logged into the Mews application and does not notice something just happened.
The attacker then can also login to Mews and downloads reservation reports, which they then exploit. We had cases over email as well as over WhatsApp.

Google “Man-in-the-middle” attack to get more technical details, this is a well-known form of attach and affects many solutions, f.e. booking.com as well (not a Mews particular problem!).

Actions:
- Contact Mews Support asap. They have a dedicated team for this sort of security incidents and can tell you what user is probably affected.
- Reset passwords on all users
- Train staff to never google the Mews login page or react to emails. Always use browser favorites to access Mews.
- Depending on the country where you are, contact your data protection officer asap. In several countries, there are regulations in place that you need to inform authorities in a very short time after you took notice of such a data breach
- Decide on proactive guest communication. In our experience, the phishing emails will cause lots of feedback from guests within 48-72 hours after appearing, then it calms again. Make a good decision if you want to proactively inform all guests or not, also potentially include legal advise on this. Decide on statements to pass to guests on the phone and train your staff accordingly.
- Start a detailed written protocol of your actions, with date/time. Depending on country, data protection officers and authorities will want this.
- Search Mews community and support forum. There are several posts and articles there with further useful information.

Best, Marc
 

    3 replies

    M
    Forum|alt.badge.img+2
    • marc agilotel
    • Superstar Helper
    • Answer
    • April 11, 2025

    Hi ​@Nanna 

    Yes, this is a well-known problem and affected several of our customers in the past.. Most likely cause is that one of your staff members either googled the Mews Login page and was redirected to a fake page, or clicked on a false link in an email.

    This then directs the user to a fake login page, where they enter their credentials and 2FA authentication. The user is then logged into the Mews application and does not notice something just happened.
    The attacker then can also login to Mews and downloads reservation reports, which they then exploit. We had cases over email as well as over WhatsApp.

    Google “Man-in-the-middle” attack to get more technical details, this is a well-known form of attach and affects many solutions, f.e. booking.com as well (not a Mews particular problem!).

    Actions:
    - Contact Mews Support asap. They have a dedicated team for this sort of security incidents and can tell you what user is probably affected.
    - Reset passwords on all users
    - Train staff to never google the Mews login page or react to emails. Always use browser favorites to access Mews.
    - Depending on the country where you are, contact your data protection officer asap. In several countries, there are regulations in place that you need to inform authorities in a very short time after you took notice of such a data breach
    - Decide on proactive guest communication. In our experience, the phishing emails will cause lots of feedback from guests within 48-72 hours after appearing, then it calms again. Make a good decision if you want to proactively inform all guests or not, also potentially include legal advise on this. Decide on statements to pass to guests on the phone and train your staff accordingly.
    - Start a detailed written protocol of your actions, with date/time. Depending on country, data protection officers and authorities will want this.
    - Search Mews community and support forum. There are several posts and articles there with further useful information.

    Best, Marc
     

    barb00sa
    elena.pudova
    K
    Robin Gustavsson
    Senior Guru
    Forum|alt.badge.img+2

    Hello Nanna,

    I am so sorry this has happened to you!

    I’ve just sent you a private message so that we can set up a quick call if you need any more help.

    Best regards, Robin
    N
    elena.pudova
    Mews Employee
    Forum|alt.badge.img+1
    • elena.pudovaMews Employee
    • Mews Employee
    • April 11, 2025

    Hi Nanna,

    Thank you for raising this. I am very sorry to hear that you are experiencing this! 

    I have opened a support case for you and reached out directly in DMs as well, I will be updating you on our progress by email shortly. 

    The fraudulent emails your guests received indicate that their data may have been accessed by malicious parties. This typically happens when a user mistakenly enters their login details on a phishing site that looks very similar to the official Mews login page. To minimize the risk of this happening, we strongly recommend bookmarking https://app.mews.com and avoiding searching for it online. 

    Here are some useful sources about this: 
    What to do if you think you were phished
    How to secure your property and guest information from phishing incidents   
    Securing your Mews Operations user accounts
    Stay secure and protect yourself against phishing attempts 🔒 | Community

    Warm regards, 

    Elena 

    Elena
    barb00sa
    K
    Terms and ConditionsCookie settingsAccessibility statement