It has come to our attention that some WebRezPro clients have been targeted in a phishing attempt by an unknown source. The information below will provide you with details about this attempt as well as general information about phishing scams and how to protect yourself against such attacks.
WHAT IS A PHISHING SCAM
The goal of a phishing scam is to obtain confidential information such as usernames, passwords and credit card details. It is accomplished by masquerading as a trustworthy entity (like WebRezPro) and tricking you to provide confidential information. In most cases, this is done via email.
WHAT TO WATCH FOR
In this phishing attempt, targeted properties receive an email that appears to be sent by WebRezPro with the subject line of “System Maintenance.”
The fraudulent email contains the WebRezPro logo and asks you to login into your WebRezPro system by clicking on an orange login button. When you click the button it takes you to a page that looks similar to the WebRezPro login screen. This page is not published by WebRezPro. The fake login form is merely a copy of the WebRezPro login form and any information submitted via this form is being sent to an unknown person or company.
HOW TO PROTECT YOURSELF
- Do not submit any information via the fake form. Clicking on the login button will not compromise your data security, but submitting your login information via this form could result in a security breach. Go to www.webrezpro.com to access the correct WebRezPro sign-in form.
- Use WebRezPro’s IP restrictions feature. WebRezPro offers a security feature that limits login access to designated/trusted IP addresses (all computers connected to the Internet have a unique IP address). This means only people from permitted IP addresses can login into your WebRezPro system. This feature is useful for two reasons. First, it protects you against phishing scams like the one described here. Second, it prevents unauthorized access to your system from employees using home or off-site computers. The IP restrictions feature can be defined and activated for each employee by editing an employee’s WebRezPro profile (Accounting Module > Administration > Employees). You can also call 1-800-221-3429 for setup instructions.
- Change your login passwords on a regular basis.
I MAY HAVE SUBMITTED INFORMATION VIA THIS PHISHING ATTEMPT
If you think that you or an employee may have submitted login information via a phishing attempt, change the password immediately. Also, please call WebRezPro Support at 1-800-221-3429 (Option 2).
The WebRezPro Team