What is phishing?
Phishing is an attempt by criminals to steal your online identity, typically by gaining access to your email account. Today, the losses due to phishing are relatively small, but stories like Sonia Guillaume, a traveler who unknowingly wired money to a scammer, are making headlines and bringing into question the security of the vacation rental industry.
In a recent post by Tom Hale, Chief Product Officer at HomeAway, he outlines why scammers and criminals target the vacation rental industry for phishing schemes:
- It’s standard practice for travelers to pay large sums of money long before they stay, sight unseen
- Not everyone understands safe and secure payment methods
- Many people conduct business from email providers that have been repeatedly compromised
- Cyber criminals are good at exploiting communities that rely on trust and a personal connection
How does it happen?
Usually the scammer will send you an inquiry posing as a renter in order to learn your personal email address. Now they send you a separate email pretending to be an official organization (i.e. your email provider) to induce you to enter your personal information into their fake website. With access to your email, the criminal can now intercept your inquiries and renters think they are communicating with the owner or manager. The impostor has access to your inquiry list and carries on with your business, attempting to charge potential renters, then steals the money.
Often, renters do not even find out until they arrive at your property expecting a warm welcome and realize they’ve become victims of a scheme. As the homeowner, you, unfortunately, can become the target of their anger. But there are multiple victims in these cases – the traveler who lost hundreds or thousands of dollars, the owner who has had their reputation compromised and may be financially liable for damages, and the vacation rental industry as a whole which is seen as less secure.
How to avoid phishing
1. Increase your email security
If you’re using Google Gmail, the easiest way to avoid phishing is to set up 2-step verification. It adds an extra layer of security to your Google account by requiring a special code sent to your phone when you log into Gmail from a new computer. Hackers would not only have to get ahold of your username and password, but your phone as well.
2. Learn how to spot fraudulent inquiries
Bogus inquiries are often easy to spot – anything that seems too good to be true, probably is. Inquiries for long stays during the off-season, when the number of guests doesn’t match your capacity (i.e. an inquiry for 2 guests on a 4 bedroom home), or when the message references features you don’t have on your property (i.e. questions about skiing at your beach house) should all be red-flagged.
3. Include a phone number on your website and listings
We encourage travelers to contact vacation rental owners directly to confirm their reservation and payment details. By including an up-to-date phone number on your website and listings you’re making it easier for the traveler to confirm your legitimacy.
4. Sign up for text alerts
In addition to email alerts you can get notified via SMS text message when you receive a new inquiry or payment on various listing sites. If you receive alerts you don’t see in your email, or you stop receiving text alerts, check your account for suspicious activity. Here’s how to set up text alerts for new inquiries on HomeAway and payment alerts on FlipKey.
5. Click cautiously
When you receive an email always hover or mouse over the email links to view the destination before clicking. If the link is not to the destination you were expecting or looks suspicious, don’t click on it. Avoid the email links completely and go directly to the website.
Companies very rarely ask you to update your information via email. Unless you are sure or you originated the request, you should login to your account first and see if the site prompts you with a similar message. If not, this is very likely a phishing attempt.
Hackers are good at what they do and often fly under the radar. Your personal information may have been compromised without you even knowing it. Be vigilant and periodically check your inquiry flow by acting like a renter and following the steps to complete an inquiry. If you receive an email from an unknown person then your account has been compromised. If anything seems off (i.e. a renter refers to a communication that you were not aware of), change your password immediately and investigate the situation further.
photo credit: ivanpw