Phishing incidents are fraudulent attempts by cybercriminals to steal your login information through various methods, such as posing as legitimate websites. 

You need to ensure that all your Mews account holders adhere to security best practices to avoid data incidents, unauthorized access to sensitive information, and to maintain the security of their accounts, as well as to align with data privacy laws and standards when undergoing audits. 

In Mews Operations, you have several security options to protect user accounts and property data. Passkeys offer a strong, phishing-resistant login method and are recommended as a security best practice. Mews also enforces two-factor authentication as mandatory for all account holders. Together, these measures help protect your property and guest information from unauthorized access, such as through phishing attempts. You can learn more in the help article securing your Mews Operations user accounts. 

In this article you can learn about:

• How to prevent misuse of your property and guest information from phishing incidents:
  1. Do not use google or any other search engine to search for "Mews Login"
  2. Check the URL for spelling errors
  3. Set up passkeys for your Mews account
  4. Enable two-factor authentication (2FA) for all your Mews account holders
  5. Inform your team immediately
  6. Change your login credentials
  7. Report suspicious activity and phishing attempts
  8. Enable other available security measures, for example, Trusted Device Authorization
• Troubleshooting: I cannot see guest email address and phone number anymore 

How to prevent misuse of your property and guest information from phishing incidents 

Cybercriminals create fake sites that mimic the official Mews login page, appearing in search results for "Mews login." 

Example of URLs:

• Official URL: https://app.mews.com
• Fake URL: https://app.mewsz.com 

You need to take the following steps to protect the misuse of your property and guest information from phishing attempts: 

1. Do not use Google or any other search engine to search for "Mews Login." 

• Enter the URL directly: https://app.mews.com or 
• Use a bookmark to access the official site. Note: You can learn more about how to create a bookmark for Microsoft Edge here.  

2. Check the URL for spelling errors 

Passkeys offer a strong, phishing-resistant login method and are recommended as a security best practice. Passkeys let you log in without a password and protect your account from phishing attacks that rely on stolen credentials.  

You can learn more in the help article how to create passkeys for your Mews account. 

4. Most importantly, enable two-factor authentication (2FA) for all your Mews account holders 

Two-factor authentication adds an extra layer of security and is mandatory for all Mews account holders. 

Note: Users without two-factor authentication enabled cannot view full customer emails and phone numbers as they are masked in Mews Operations, including all exported reports, to prevent any misuse.

• Mews enforces two-factor authentication (2FA) as mandatory for all Mews account holders for an added layer of security. 
• Mews recommends activating 2FA via email as your preferred 2FA authentication method and following all recommended security measures. You can learn more about the 2FA login journey here. 

5. Inform your team immediately 

• Educate your team and clients about these phishing threats. 
• Regular reminders and training sessions can help prevent accidental logins on fraudulent sites.  

6. Change your login credentials  

• Change your login credentials even on potential other sites where you use the same credentials.  

7. Report suspicious activity and phishing attempts 

• If you suspect you logged in via a fake site or accidentally shared your credentials, report it to our support team immediately.  
• Conduct an immediate investigation into the matter and take appropriate measures to mitigate the impact and comply with applicable laws and regulations. For example, informing affected parties and notifying relevant authorities.  

8. Enable other available security measures, for example, Trusted Device Authorization 

• Trusted Device Authorization is a feature that enhances account security by ensuring that only approved devices can access a particular Mews account. You can authenticate multiple devices as trusted when logging in to Mews. You can learn more in the help article Trusted Device Authorization in Mews Operations. 

Troubleshooting: I cannot see guest email address and phone number anymore 

Recent elevated levels in phishing attempts made it necessary for Mews to mask email addresses and phone numbers of guests in Mews Operations including all exported reports to prevent any misuse. This means users without two-factor authentication enabled cannot view full customer emails and phone numbers. 

Quick action can help protect your account and others. Staying vigilant is key to protecting your data.  

• What to do if you think you were phished
• Securing your Mews Operations user accounts