The ITEA owner dashboard is the management interface used by members of the Gîtes de France network to manage their bookings, schedules, and accommodation records. The login occurs through the page prop.itea.fr, where the owner identifies themselves with their email address and a password. Since the removal of the login by owner number, the email has become the only identifier, which concentrates the risks on a single point.
Phishing on prop.itea.fr: scenarios observed among gîte owners
Attempts at phishing specifically targeting owners have multiplied in recent years. The process follows a recurring pattern: an email mimicking the ITEA interface or the Gîtes de France brand invites the recipient to click on a link for a supposed security update or urgent verification.
Recommended read : Understanding the Importance of Converting Hours to Hundredths for Professionals
The link redirects to a visual copy of the prop.itea.fr page. The owner enters their credentials, which are then captured. The hacker then accesses the owner dashboard, modifies bank details, or diverts ongoing bookings.
A second scenario exploits the email account itself. If the email password is the same as that of ITEA, compromising one gives access to the other. The hacker can then request a password reset for ITEA and intercept the confirmation link. To log in to the ITEA owner dashboard safely, the first measure is to manually type the URL prop.itea.fr into the address bar rather than following a link received via email or SMS.
Read also : How to Optimize Your Academic Email Management: Practical Solutions
Security checklist before and after each ITEA login
Strengthening access does not require technical skills. The following checks cover the most common vulnerabilities.
Check the URL and the certificate
Before entering any password, ensure that the address displayed in the browser is exactly prop.itea.fr. An extra character, a hyphen, or a different domain (prop-itea.fr, prop.itea-france.com) indicates a fraudulent page. The padlock to the left of the URL confirms that the connection is encrypted, but it does not guarantee the authenticity of the site: phishing pages can also have an SSL certificate.
Secure the email associated with the account
The email address is now the only identifier on ITEA. If this email account is compromised, everything else falls. Two direct rules:
- Use a distinct password for the email and for ITEA. No password should be used on two different services.
- Enable two-factor authentication (MFA) on the email account. Most providers (Gmail, Outlook, Orange) offer validation via SMS or app. This additional layer blocks a hacker even if they have the password.
- Regularly check recent logins in the email settings. A login from an unknown device or location should trigger an immediate password change.
Manage the “keep my session active” option
The ITEA login page offers a “keep my session active” checkbox. When checked, it avoids the need to re-enter credentials at each visit. On a personal, non-shared computer, the risk remains low.
On a shared device, a desktop computer in a gîte, or a public access station, this option leaves the session open for the next person. The rule: only check this box on a device whose owner is the sole user and which has password or fingerprint protection.
iCal synchronization and channel manager: locking the side doors
The direct connection to prop.itea.fr is not the only entry point to the owner dashboard data. The iCal synchronization allows third-party tools (channel managers, booking engines) to automatically update the ITEA schedule without manual re-entry.
The iCal feed relies on a unique URL that contains a technical identifier. Anyone with this URL can read the schedule, and depending on the configuration, write to it. If this URL leaks (email forwarded to a third party, copy-pasted in a forum), an unknown person can view availability or inject false bookings.
Check active iCal feeds
In the ITEA owner dashboard, the synchronization section lists the active iCal feeds. Each active feed should correspond to an identified tool: a channel manager like elloha, a personal booking engine, or a distribution portal.
- Remove any iCal feed with an unknown or obsolete destination (old channel manager, abandoned test).
- After deletion, regenerate a new iCal URL for the retained feeds. The old URL becomes unusable.
- Never transmit the iCal URL via unencrypted email. Prefer a direct copy-paste into the channel manager interface.
- Ensure that the channel manager used also has its own password-protected access and, if possible, MFA.
ITEA password reset: procedure and pitfalls to avoid
The “Reset my password” function on prop.itea.fr sends a reset link to the account’s email address. This mechanism is reliable as long as the email account itself is secure (see the previous section).
After a reset, the new password must contain at least twelve characters, mixing uppercase, lowercase, numbers, and special characters. A short or reused password from another service nullifies all security efforts.
Be cautious with timing: if a reset email arrives without being requested, it is a sign that someone is trying to take control of the account. In this case, do not click on the received link, immediately change the email password, and then initiate a reset from prop.itea.fr by typing the address manually.
The security of an ITEA owner dashboard relies less on the platform itself than on the owner’s login habits. A unique password, an email protected by MFA, and regularly audited iCal feeds close the vast majority of vulnerabilities exploited by phishing targeting the Gîtes de France network.