Here is how it works
The fraudster sends an enquiry through a holiday rentals site like www.spain-holiday.com or any other holiday rental site. The homeowner answers him, and now the fraudster has the email address of a homeowner.
So far, we have only seen the scam targeting people with an email service provided by Yahoo, BTinternet and Gmail. But there may be scams against other email providers as well.
The fraudster now sends the homeowner an email from the email address of a holiday rentals website. It will appear to be an enquiry in the correct format, and if you have an advert running with this particular site, you will not notice that it is a fake.
This was one that was caught by one of the advertisers on www.spain-holiday.com. He knew something was wrong since he does not advertise on vrbo, yet he received an enquiry
The phishing part
Let's say the homeowner did have an advertisement running with that particular holiday rental site. He would then hit the "reply" button, and an Internet page would appear where he is asked to verify his account details with Yahoo, BTinternet or Gmail etc. by typing in the user name and password for his email account.
Obviously the login page has all the right logos and formats in place, so it is very hard to see that it is fake. The only place where you can see that it is a fake is the address line (URL), which does not say Yahoo, BTinternet or Gmail. We have seen examples like this:
http:// home.comcast.net /~kratzfamily?login=doneSuccesswarrning9&us.mg5.mail.yahoo.com/neo/launch?.rand=cdpm5tab2p8q5 which redirects to another URL on an IP address
http:// 83.244.220.233 /common/swf/login/yahoo/?login=doneSuccesswarrning9&us.mg5.mail.yahoo.com/neo/launch?.rand=cdpm5tab2p8q5
Here you see an example of a fake login page:
If the homeowner falls for this trick his email account is now completely hijacked/hacked and the fraudster has full access to all emails and enquiries. The fraudster now has two ways to abuse his new illegal access.
- He can copy all the information he needs from an enquiry and delete the email
- He can set up a filter in the email account so that all emails containing a certain text in the subject line get forwarded to his email address and afterwards deleted. It could be a filter that looks for the word "Enquiry", for example.
Whatever method he decides to use, he can now start communicating with a potential renter without the homeowner being aware. We have also seen a fraudster open up a real website as a trust builder. The one we discovered was www . luxor-estate . com.
Responsibility
If a renter loses money, the person responsible is the homeowner with the hijacked email address. We do not take responsibility for any loss a renter may have, because preventing this from happening is out of our control.
Ways to avoid your email from being hijacked
There are a few ways which I personally use.
- Do not click on a link in an email and type in your login details before looking at the Internet page address (also called URL)
- Manually type in the address of the site you wish to log in to, e.g. www.gmail.com
- Make sure you log in to a secure site. You can see this when the URL starts with https:// and not http://
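The address-line check described above can also be done mechanically. The following Python sketch is an added example, not code from this site: it parses a login URL and reports why it should not be trusted, using the two addresses quoted earlier on this page plus one constructed look-alike. The function name and the list of expected provider domains are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: domains a homeowner expects to log in on (illustrative, not exhaustive).
EXPECTED_DOMAINS = {
    "yahoo": ("yahoo.com",),
    "gmail": ("google.com", "gmail.com"),
    "btinternet": ("bt.com", "btinternet.com"),
}

def login_url_problems(url, provider):
    """Return the reasons a login URL should not be trusted (empty list = none found)."""
    parts = urlsplit("".join(url.split()))  # drop the spaces this page prints in the URLs
    host = (parts.hostname or "").lower().rstrip(".")
    problems = []
    if parts.scheme != "https":
        problems.append("not https")
    try:
        ipaddress.ip_address(host)
        problems.append("host is a bare IP address")
    except ValueError:
        pass  # a name, not an IP literal
    expected = EXPECTED_DOMAINS[provider]
    # Only the host decides who you are talking to: exact match or a true subdomain.
    if not any(host == d or host.endswith("." + d) for d in expected):
        problems.append(f"host {host!r} does not belong to {provider}")
        rest = (parts.path + "?" + parts.query).lower()
        if any(d in rest for d in expected):
            problems.append("provider name appears only after the host")
    return problems

# The two addresses quoted on this page, spacing as printed there.
PAGE_URLS = [
    "http:// home.comcast.net /~kratzfamily?login=doneSuccesswarrning9"
    "&us.mg5.mail.yahoo.com/neo/launch?.rand=cdpm5tab2p8q5",
    "http:// 83.244.220.233 /common/swf/login/yahoo/?login=doneSuccesswarrning9"
    "&us.mg5.mail.yahoo.com/neo/launch?.rand=cdpm5tab2p8q5",
]
# Constructed look-alike: https and "yahoo.com" are present, but the real domain is example.net.
LOOKALIKE = "https://login.yahoo.com.example.net/account"

if __name__ == "__main__":
    for u in PAGE_URLS + [LOOKALIKE, "https://login.yahoo.com/"]:
        print(login_url_problems(u, "yahoo") or "no problems found", "<-", u)
```

The look-alike passes the https test and still fails, because the provider's name sits in front of a different domain; the host check is what catches it.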
If you suspect that your email account has been hijacked, you may consider closing it down and opening a new account. Changing your password is not always enough if a forwarding filter is active.
It is also a good idea to display your phone number in your advertisement. Renters do like to make a phone call before making a monetary transfer and obviously this will reveal any fraudulent activity. If you have any questions, please do not hesitate to call or write to us.
We have a lot of experience dealing with these types of problems and will be happy to assist you.