Phishing & Scams
Phishing and scam is the scourge of online marketing. The vast majority of your enquirers will be genuine, legitimate people looking for that perfect spot for their holiday trip. But very occasionally they won’t, and sadly this is becoming more and more common.
Bogus Enquiries & Bookings
Be aware that if your property is listed on one or more holiday rental portals, you will possibly get fake enquiries which are really from scammers attempting to illicit sensitive information or money from you. However don’t be too anxious about this, as long as you’re vigilant with every enquiry it shouldn’t affect your rental business too much.
Examples of phishing enquiries we have personally received in the last couple of years:
Good Day , Am David from Washington state I will like to know if i can rent your property from date below Checking Date : 3 Dec 2011 Checkout Date 10 Dec 2011 Adults : 2 Looking forward to read your good news. Thanks David Sent via DROID on Verizon Wireless
How are you ? I got your mail about your apartment avialable for rent. As you know i am in London
and i need to get every details about the apartment before i come over there.
However, I will be moving in as fast as I can, I will like you to talk to me about the apartment cost
the move in date and the methods of payments.
Have a nice day and talk to me as soon as possible.
i want to put this to your notice that the payment has been sent to you but there is some mixed up with the payment.instead of my accountant to issue a payment of £1300.00 a payment of £3300 was sent to you.i will want you to deduct the rentage money and send the rest to me which will be used for my flying ticket and other things i will need to buy when coming to london.
let me read from you.
If an enquiry is blighted with poor spelling and grammar, strange English, mention of payment too early and overly-familiar tones this always sets my alarm bells ringing. If you’re uneasy about the enquiry, ignore it. Or at very least check the guest’s name and phone number online as it may lead you to a warning post on a forum.
22 ways to spot potentially bogus and phishing enquiries…
- Questions that don’t relate to your specific property or use of ambiguous words.
- Introducing themselves in this format “Hello, I’m ***** ****** from *******”.
- Sharing personal details with you like illness and death.
- Phrases like “I’m glad to inform you”, “Kindly check if…”,“My regards to your family”, “Stay blessed”, “Await your swift response”, “Waiting ur reply” and “Wanna rent your property”.
- Requested stays of one month or more.
- The email address being totally different to the owner/manager’s name or making no sense.
- Wanting to pay instantly by moneygram, wire transaction or ‘certified check’.
- Third parties booking on behalf of ‘clients’ ‘missionary groups’ or ‘delegates coming for a conference’.
- A guest stating they are being sent to your area by their company.
- Asking immediately for “your final price”.
- Someone asking for payment terms and wanting to book straight away without any questions.
- The overpayment scam – A guest claiming to have overpaid in error by cheque and wanting a refund of the difference.
- Premium rate telephone numbers. Check an unknown telephone prefix before calling any enquirer back as it may lead to a exhorbitant telephone rate call scam.
- EMAILS ENTIRELY WRITTEN IN UPPER CASE.
- The enquirer giving lots of reasons why they can’t pay by credit card.
- Guest stating they have no contact phone number as they are ‘on the road’.
- Involvement of an accountant.
- Mention of reimbursement to a ‘travel agent’.
- Poor grammar (although this can be the result of translation tools like BabelFish or Google Translate).
- Numerous spelling errors. Not necessary a tell-tale sign but it is definitely prevalent within scam emails.
- Signing off with “Have a nice day”.
- Requesting a copy of your passport or national insurance card for guest ‘business expense’ reasons.*
Also check fakechecks.org and scamwarners.com
*As well as the overpayment scam, another less-documented one is to get hold of an owners identification by requesting it for business expense reasons when a ‘booking’ is being confirmed. This, alongside your bank details gives a scammer enough to carry out transfers from an owners account. Be very wary of giving copies of your ID to potential guests.
Phishing is the name given to solicitation of sensitive information like credit card numbers, usernames, passwords, addresses and other personal details.
It will regularly take the form of an email claiming to be from a trusted company. This will include a link to another webpage for you to update such information, subsequently leading to your account being manipulated. If someone else has run of your advert they can use it to fraudulently get ‘rental income’ from unsuspecting enquiries.
Be wary of phrases like “Your account has been suspended”. Such emails are usually bogus.
So, never update your details from an email link requesting personal information. If you do think it may be genuine always return directly and login to the company’s official site or call the company to verify if any details are in fact required.
HomeAway recently posted a message to owners advertising on their site warning of an email message below doing the rounds requesting users to avail of their free ant-virus software.
Protect yourself and your travelers
Visit our new security center for best practices on how to protect your online accounts from identity theft and keep rental payments secure.
Don’t be fooled by long addresses that have a reputable holiday rental name or google in them: www.homeaway.com.unscrupulouswebsite.com/login
Hover over any links and in the bottom left of the browser window you should see the actual URL of the link.
The main extension of the enquirers email address can also be research in a search engine to check if they are indeed a reputable company/website – e.g. email@example.com.
Other phishing scams include calls to your home asking for your email address – the excuse usually being that an enquiry was sent to you which may not have been received. This is could be a possible attempt to send you a subsequent email from the relevent holiday listing company which, if you follow links, could comprimise your listing security. Never give out your email address in this way as prospective guests can always contact you again via a website form.
Stories about owner’s email address and adverts being compromised are rife…
Fake PayPal emails
Do not open emails supposedly from Paypal about disputes or payments having been made from your account. They are convincing looking (like this below received in March 2012) however unless you recognise the transaction DO NOT OPEN any link on the email. If unsure simply delete it and go to the official PayPal site to check.
|Dear PayPal Member,This email confirms that you have paid Maciaselectronics (firstname.lastname@example.org) $449.00 USD using PayPal.This credit card transaction will appear on your bill as “PAYPAL Maciaselectronics*”.
If you haven’t authorized this charge, click the link below to cancel the payment and get a full refund.
|Thank you for using PayPal!
The PayPal Team
|PayPal Email ID PP128|
What can you do to make sure your adverts haven’t been breached or cloned?
Make sure you check/edit your adverts and, if applicable, your enquiry history, regularly. Your weekly availability calendar update is a good time to do this.
Check chunks of your advert text* and images** online regularly to make sure they are not being fraudulently used online elsewhere (this has been rife on the massive US classifieds site ‘Craigs List’). You can search for your website content on www.copyscape.com and images on www.tineye.com however I find Google tools more productive.
*Either copy and paste a chunk of your advert/website text or use http://www.google.com/alerts which will send you an alert email if it finds your keywords.
**In Google Images just click on the camera icon on the right of the search box to paste a website url or upload image which can then be checked across the web for matches.
The more websites your property appears on, the more likely you are to be contacted by new ‘unique’ holiday rental websites. I receive about half a dozen phone calls throughout the year to advertise on a new holiday portal for an exceptionally low price. They will usually claim to be specifically searching for properties in certain areas for their clients. Proceed with extreme caution. You don’t need me to tell you that if it seems too good to be true, it usually is.
Before you consider anything, check the following:
Property forums (e.g. Lay My Hat) – where fellow owners may well have posted their mutual concerns/experiences about a specific company.
- Alexa.com / Urlspy.co.uk / Compete.com – Enter the website address to check its traffic ranking/popularity and which other websites link to them.
- WHOIS – who owns the company or website? Then search this name.
A company called ‘Force Network Travel’ contacted me a few years ago about posting one of my properties on its site (specifically for up to 4 million retired police officers around the world). It sounded reasonable. When I waivered they instantly offered me a second advertisement ‘for free’. Not the normal business practice of a reputable company. When taking the steps above I found out it was a complete racket and the company pocketed the money without ever sourcing new bookings.
Ask for a free trial without giving any payment details. If the site is legitimately wanting you to try the service they should have a free trial period.
Sometimes you may not even be contacted and your full advert will appear on a website unbeknown to you. For example I’ve heard of this website http://www.stairwaytohaven.com ripping photos and descriptions from other sites. Be careful and check the first line or two of your main advert in Google periodically to make sure it’s only where you want it.
Your guests’ security
It’s equally important to look after your guests’ security and let them know that booking with you is safe.
Scams exist mostly to profit from honest, unsuspecting holiday makers:
State on your advert that you encourage guests to pay by PayPal for their own protection and give them your address and phone number(s) so they can both call you and reconcile the numbers. If you have guest reviews make sure potential guests can see these too. Use one or two of the several badges of trust out there.