Phishing and email scams targeting holiday rentals

Email scams and phishing attacks are becoming commonplace and now more than ever it’s vital that you protect your email account and ultimately your holiday rental bookings. Read this article to avoid becoming a victim. 

 

What is Phishing?
Phishing is when someone attempts to acquire your personal information such as a user name, password or credit card details by masquerading as a trustworthy entity. A typical example is when someone contacts you via email, asking you to enter your account and perform an action. If they are successful in acquiring this information, they are free to move around your account, filter your enquiries and ultimately contact renters, without your knowledge and defraud them of reservation deposits. 

How does Phishing work?
Typically a fraudster will send you an email enquiry through a holiday rentals website like Spain-holiday.com. It will appear to be a genuine enquiry, in the correct format and if you have an advert running with this particular site, you won’t notice that it is a fake enquiry and will innocently reply, now the fraudster has your email address.  

Here is an example of one that was caught by one of our advertisers on www.spain-holiday.com. He knew something was wrong, as he does not advertise on vrbo, yet he received an enquiry from their website.

vrbo fake email enquiry

A fraudster can also send you a direct email, asking for further booking information. The email will include a ‘reply to this email’ link, which if clicked, will take you to a sign-in page for your email provider, such as Google, Yahoo or Hotmail. This is a fake sign-in page, if you enter your password into this page the fraudster will have your password and will be able to hack your email account and start phishing.  

 

How can you tell a fake sign-in page?
The way to tell if an email links to a fake page is by checking the url address line. Your genuine url address, will be a secure page (https://) and will include the name of your provider i.e. google. See example below: 

Gmail real account

 

A fake page will not be a secure page and neither will it come from a genuine email provider, see example below: 

 

Fake email account

The responsibility
A phishing case always has two victims: the homeowner and the renter. The renter becomes a victim if a homeowner has not protected their email account sufficiently and it gets hacked. It’s possible that they can lose money, by paying a fraudster a rental deposit, so it’s vital you understand your responsibility in protecting your email account. 

Spain-holiday.com can’t assume responsibility for phishing cases because we don’t have control of how a homeowner manages their email account. We will however be helpful in helping you resolve any phishing attempts and we can offer advice on what to do next. 

The poor password scam - suggestions to protect your email password

  • We recommend you always use a combination of letters, numbers and symbols with more than six characters Change your password frequently
  • Do not use the same password for your bank, email, Facebook, Spain-holiday.com etc
  • Remember your password, don’t write it down
  • Keep in mind that no serious company would ever ask you to re-enter your credit card details, user name or password.
  • If you have introduced a CC email account into your Spain-holiday.com account, the above also counts for this email account. 

 

Further recommendations

  • If two different owners reply to one enquiry, obviously the renter is warned that something is not right. So always make sure to answer your enquiries, even if your property is not available, or for other reasons is not available for rent
  • If you display a phone number, there is a good chance that a renter will give you a call before finalising the booking and this is where such a scam will be revealed
  • Your pc or Mac should always be running the latest software and especially the latest browser version and antivirus software
  • If you work from a net cafe or other public locations, make sure to logout from your account sessions when leaving the computer
  • And finally, using the two-step verification system offered by email providers, such as Google, Microsoft and Yahoo, provides an extra layer of protection for your email account, ensuring it can’t be compromised.  

Please contact us if you have any questions or concerns about phishing or email security and protection.