At Mews, your security is our priority. While we continue to see attackers trying to exploit companies across the industry, that activity remains low at Mews thanks to the protections we have in place.
Hospitality remains a target of attack for cybercriminals because guest data is valuable, and phishing is still one of the easiest ways for attackers to get it.
Our Product Security team actively monitors and blocks malicious third parties that target your property. Our defenses remain strong, but they work best when paired with your action taken in Mews to adopt and use our security products. Because it only takes one lapse in awareness, one click on the wrong link, for attackers to get in.
How phishing works
Phishing works because it exploits a weakness in busy people trying to do their job as quickly as possible. Attackers mimic legitimate websites or emails to trick users into sharing their login details or other sensitive data. Once they’re in, they can access guest information, payment data, or internal systems.
The good news? Staying safe is mostly about habits: small, consistent actions that protect both you and your property.
Keep your property protected
You can add an extra layer of protection right now by:
- Securing your property account in Mews Operations. (Learn how)
- Being cautious with unexpected emails or links. (Tips to spot phishing emails)
- Letting your IT team or Mews Support know if you notice anything unusual. (What to do if you think you’ve been phished)
Mews enforces Passkeys for all users as a security best practice. It’s the single best defense against phishing, ensuring that even if credentials are compromised, attackers can’t access your account.
You can also turn on Trusted Device Authorization, so only approved devices can access your property data.
How to spot a fake email
Phishing emails can look convincing, but a few quick checks will help you spot them:
- Check the sender’s address. Official Mews emails only come from “@mews.li” or “@mews.com”.
- Look for urgency or pressure. Real Mews messages don’t threaten to suspend your account or demand instant action.
- Hover before you click. Make sure links point to “mews.com” not a fake like “mewsz.com”.
- Be cautious with attachments. Don’t open anything unexpected or unfamiliar.
- Ask if unsure. Contact Mews Support or your system administrator before acting.
If you think you’ve been phished
Act fast! Quick action limits damage and keeps guest data safe.
- Change your Mews password immediately at https://app.mews.com.
- Report the incident to Mews Support with details and screenshots.
- Investigate internally to understand what happened and alert affected guests if necessary.
- Raise awareness within your team to prevent repeat incidents.
You can find full step-by-step guidance here.
Small habits, strong security
Cybersecurity isn’t just about tools, it’s about people. Every employee, every user, every property plays a role.
Stay alert. Pause before you click. Report anything suspicious.
Together, we’ll keep your property, your data, and your guests safe.
Thanks for staying vigilant.
