[ overview ]
This section explains the overview and setup procedure for the whitelist feature, which can be configured via:
[Admin Console] → [Account Settings] → [Security Center] → [Security Settings] menu.
[ detail ]
Whitelist feature overview
Recently, there have been cases of malicious third parties obtaining login information for OTAs such as Booking.com and Airbnb, as well as site controllers, and then committing fraud by asking guests to re-enter their credit card information.
The most important countermeasure is to thoroughly manage your accounts as described below to prevent unauthorized logins.
Set a strong passwords
Change your password regularly
Manage login credentials in a secure environment
Enable Two-Factor Authentication (2FA)
The whitelist feature acts as a last line of defense in the unfortunate event that a login is compromised. Fraudulent messages typically attempt to direct guests to an external URL and steal their credit card information through fake pages.
To protect guests, AirHost currently inserts a security warning at the beginning of any message that contains a URL, except for a few pre-approved URLs such as the pre-check-in link. This ensures guests are aware and can exercise caution when clicking on unknown links.
***Auto-Generated Message
This message contains external links. For your safety, if you are asked to enter your credit card information, please contact the hotel directly to verify the authenticity.
When the whitelist feature is enabled, the following behavior changes will apply:
If a URL included in the message is already registered in the whitelist, the message will be sent without a warning message.
If a URL included in the message is not registered in the whitelist, the message will not be sent.
This feature allows users to manage safe URLs on their own.
How to set up the Whitelist Feature
Go to [Admin Console] → [Account Settings] → [Security Center] → [Security Settings], and enable “Enable Whitelist Verification”.
Note:
This action can only be performed by the owner user who was initially registered when the account was created.
Open the "Whitelist Settings" and add the domain of the URLs you wish to allow to the list, then save it. (*No need to add the pre-check-in URL.)
By saving the settings, the whitelist function will be enabled.
Important Note:
Since the email address contains [ .com ], you need to register a domain that includes [ .com ].
Domains like [Booking.com], [Hotels.com], [Trip.com], [Ikkyu.com], etc., are also recognized as URLs, so they must be registered in the whitelist.