Phishing and Email Scams - Update

Phishing is not new and is widely known, but never before have we seen the holiday rentals industry specifically targeted. Sadly, it has already led to broken dreams and loss of money because renters have paid the wrong people.

Here is how it works

The fraudster sends through an enquiry on a holiday rentals site like www.spain-holiday.com or any other holiday rental site. The homeowner answers him and now the fraudster has the email address of a homeowner.

As of yet, we have only seen the scam targeting people with an email service provided by Yahoo, BTinternet and Gmail. But there may be scams against other email providers as well.

The fraudster now sends the homeowner an email from the email address of a holiday rentals website. It will appear to be an enquiry in the correct format and if you have an advert running with this particular site, you will not notice that it is a fake.

This was one that was caught by one of the advertisers on www.spain-holiday.com. He knew something was wrong since he does not advertise on vrbo, yet he received an enquiry:

[Image: phishing example]

The phishing part

Let's say the homeowner did have an advertisement running with that particular holiday rental site. He would then hit the "reply" button and an Internet page would appear where he is asked to verify his account details with Yahoo, BTinternet or Gmail etc. by typing in the username and password for his email account.

Obviously the login page has all the right logos and formats in place, so it is very hard to see that it is fake. The only place where you can see that it is a fake is the address line (URL), when it does not say Yahoo, BTinternet or Gmail. We have seen examples like this:

http:// home.comcast.net /~kratzfamily?login=doneSuccesswarrning9&us.mg5.mail.yahoo.com/neo/launch?.rand=cdpm5tab2p8q5

which redirects to another URL on an IP address:

http:// 83.244.220.233 /common/swf/login/yahoo/?login=doneSuccesswarrning9&us.mg5.mail.yahoo.com/neo/launch?.rand=cdpm5tab2p8q5

Here you see an example of a fake login page:

[Image: login phishing]

If the homeowner falls for this trick his email account is now completely hijacked/hacked and the fraudster has full access to all emails and enquiries. The fraudster now has two ways to abuse his new illegal access.

  1. He can copy all the information he needs from an enquiry and delete the email
  2. He can set up a filter in the email account so that all emails containing a certain text in the subject line get forwarded to his email address and afterwards deleted. It could be a filter that looks for the word "Enquiry" for example.

Whatever method he decides to use, he can now start communication with a potential renter without the homeowner being aware.

We have also seen a fraudster open up a real website as a trust builder. The one we discovered was www . luxor-estate . com.

Responsibility

If a renter loses money, the person responsible is the homeowner with the hijacked email address. We do not take responsibility for any loss a renter may have, because it is out of our control to prevent this from happening.

Ways to avoid your email from being hijacked

There are a few ways which I personally use.

  1. Do not click on a link in an email and type in your login details before looking at the Internet page address (also called URL)
  2. Manually type in the address of the site you wish to log in to, e.g. www.gmail.com
  3. Make sure you log in to a secure site. You can see this when the URL starts with https:// and not http://
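
The address-line check from the list above and from "The phishing part", as an added example that is not part of the original article: it parses a link and reports why it should not be trusted with a password. The function names, the finding labels, the expected domain yahoo.com and the sample URLs (which use reserved example hosts) are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit


def host_matches(host, domain):
    """True only if host is the domain itself or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def check_login_url(url, expected_domain):
    """Return the reasons (empty list = none found) not to log in at url."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    findings = []
    if parts.scheme != "https":
        findings.append("not-https")
    try:
        ipaddress.ip_address(host)  # the article's second link used a bare IP as host
        findings.append("ip-address-host")
    except ValueError:
        pass
    if not host_matches(host, expected_domain):
        # https alone does not help if the host belongs to someone else
        findings.append("wrong-host")
        # Provider name in a lookalike host, userinfo, path or query is decoration
        decoy = " ".join([host, parts.username or "", parts.path,
                          parts.query, parts.fragment]).lower()
        if expected_domain in decoy:
            findings.append("provider-name-outside-host")
    return findings


# Constructed samples shaped like the links in the article (reserved example hosts)
SAMPLES = [
    "http://198.51.100.23/common/login/yahoo/?login=done&us.mg5.mail.yahoo.com/neo/launch",
    "https://mail.yahoo.com.phish.example/login",
    "https://yahoo.com@phish.example/",
    "https://login.yahoo.com/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_login_url(sample, "yahoo.com") or "no findings")
```

Only the part of the address between the scheme and the first slash decides where the password goes; the second and third samples pass the https check and are still flagged.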

If you have a suspicion that your email account has been hijacked, you may consider closing it down and opening up a new account. Changing your password is not always enough if a forwarding filter is active.

It is also a good idea to display your phone number in your advertisement. Renters do like to make a phone call before making a monetary transfer and obviously this will reveal any fraudulent activity. If you have any questions, please do not hesitate to call or write to us. 

We have a lot of experience dealing with these types of problems and will be happy to assist you.