Skip navigation

Join the Vacation Rentals Conversation!

Get answers to all of your questions from fellow owners and travelers.

Join the CommunityX

CommunitySeek, Ask, and Share in the Vacation Rentals Community
HomeAway Insights - News from the Birdhouse
4

I’ve blogged previously about the rise of phishing in the vacation rental industry (What is Phishing? And Why It's Important to You...).  The situation hasn’t gotten better: bad guys continue to target our customers and too often successfully access our owner’s personal email accounts and use them to steal from your guests.  Phishing remains a serious problem on the internet in general and is a particular threat to vacation rental owners who do not educate themselves on how to securely protect their email accounts.

 

We at HomeAway work hard to create a secure marketplace for the vacation rental business we participate in and love.  After listening to much feedback on the subject from you, our customers, HomeAway is proud to introduce a more secure way for you to communicate with travelers who inquire on HomeAway.com and VRBO.com about your vacation rental properties. 

 

HomeAway has developed an email exchange process that displays an anonymous view of your email address to the traveler and the inquiring traveler’s email address to you.  The message is privatized and will be addressed from an email alias ending in “@messages.HomeAway.com.” You can continue to reply to inquiries through your email account, or if you wish, you can reply through the owner dashboard, where you can always view the entire conversation history for each guest.  Once in the owner dashboard, you can view the traveler’s email address. 

 

All inquiries will be sent through HomeAway’s system to help protect your email account from identity theft (phishing) and to keep someone who has successfully phished your email account from seeing the traveler’s email address and trying to communicate with them as you.  After talking with many owners, we believe this will have a minimal impact on the way you conduct business as it is also a practice you are likely familiar with through other websites such as LinkedIn or Etsy.  Remember, at any time, you can access the traveler’s email address within your dashboard.  You also can choose to conduct the conversation within your personal email inbox once you receive the inquiry through your dashboard. But keep in mind, if you copy and paste the email address into a new email using your email provider, any bad guy who has phished your account can see it, too. 

 

Please note that we do not recommend giving travelers your email address, as the conversation will no longer be protected.

 

In addition to providing an extra level of security to your traveler interactions, this new feature enables you to keep your traveler communications in the same location as your reservation tools, calendar, rates, quotes and payment requests.  And, all of your correspondence is also stored within your dashboard for convenient access to your conversations with travelers.

 

We understand that the new process may take a period of adjustment before we are all used to it. However, security is paramount in this business and the protection of potential travelers and the education of our owners as to how bad people can hurt good people like you is an extremely high priority for HomeAway.  Thank you to all of our customers who provided us with the input to develop the service that we hope will help you and HomeAway provide the best and most professional experience in the industry to travelers.  

 

If you have additional questions on this new feature and would like to familiarize yourself on communication best practices, please visit the HomeAway Security Center: http://www.homeaway.com/info/security?Owners/Owner-Best-Practices.

 

Best,

Carl Shepherd

Co-founder and Chief Strategy and Development Officer

1

At the HomeAway Summit this past weekend, owners and managers gathered in Scottsdale Arizona to connect, learn, and share with each other and HomeAway employees. We'll be posting the presentations and a wrap up in the coming days.

 

Brian Sharples held forth on the evolution of the vacation rental industry, and Brent Bellm shared some awesome market research, while HomeAway employees and vacation rental experts shared best practices on topics ranging from social media marketing and online security to new HomeAway products. Everyone made new friends, toasted old ones, networked and kibitzed. There was even an impromptu “ideas” panel pulled together by spirited Summit attendees to generate ideas for enhancements and improvements to HomeAway’s service.

 

On Saturday, teams of HomeAway engineers and product managers showed off some “fresh from the lab” ideas for products in the Sneaks session. A hybrid of American Idol and a Hackathon, the Sneaks are always a popular session at the summit. The teams pitch their ideas, and the audience votes with their applause to select a winner. Some of these features are live right now so go ahead and give them a spin! (Insider Guides and the iOS Mobile App)

 

Sneaks are real time market feedback for HomeAway and a chance for owners and managers to influence our roadmap of coming releases.  After each demo, the Applause-o-meter was put up on the screen to measure how the audience felt about each team’s efforts. We pay close attention to which sneaks get the most applause - so the audience yelled, stomped their feet, and jumped up and down for their favorite features.

 

sneaks.pnglive demos.pngapplausometer.png

 

After the 2012 sneaks, four of nine sneaks were released as products – Automating reservations via online booking, Traveller screening via profilesfiltering and searching on VRBO, and the mobile owner app have all made their way out to owners and managers.  A fifth sneak, “fighting phishing” is nearing beta, while the others are still over the horizon. 

 

In 2013, two of the sneaks are available today for you to try out. See below if you want to get an Insider Guide on your listing or get our new iOS mobile app (it works for VRBO, HomeAway, and HomeAway UK) that enables you to manage you calendar, inquiries, reply with quotes, and send payment requests.

 

Here’s the list of 2013 sneaks and presenters:

 

  • The VRBO team (Melissa, Paul, and Kirk) showed how the VRBO traveler site optimizes the experience across iPads, Iphones, Android Phones, Android Tablets, and devices of every size and shape
  • Matt of the HomeAway Traveler team illustrated a way to view the properties that are the most popular with travelers, with HomeAway Leaderboard,
  • Kate showed how Panoramic 360 photographs (see an example here) enable owners to really show off their properties
  • Dustin, leader of the HomeAway Traveler Team, created an Insider Guide revealing a new way to market your properties and provide your guests with information for their stay (learn how you can add an Insider Guide here)
  • Dave from the mobile team showed how owners can manage their inquiries, calendars, and bookings from their iphone. Learn how to get the mobile app here.
  • Patrick, Tim, and Michael of the social team showed a way for potential guests to learn if they know anyone who has stayed at or reviewed your property, increasing trust for reviews
  • Jason and Patrick of Glad to Have You showed a vision for how mobile apps and home automation from BeHome247 can make for hassle-free stays and save money
  • Jacy, product manager for HomeAway owner tools, showed masked email addresses, unlimited templates, and attachments as part of a new Inbox could make your lives easier while helping secure the vacation rental marketplace.

 

It was too close to call a single winner, so the judges awarded a three-way tie to Panoramas, Home Automation, and the Inbox. It was a great session, and thank you to everyone who participated for all of their hard work, creative ideas, and energetic pitches.

 

Most of the sneaks were future concepts, fresh from the lab. But two of the products that were sneaks are live today!

 

If you want to create an Insider Guide like these (standalone guides here: vrbo.com and homeaway.com; and how they appear on listings on vrbo.com and homeaway) simply follow the instructions here for HomeAway owners or these ones for vrbo owners. Or just check out some of the awesome guides below:

 

 

Guide to Honokeana Cove in West Maui

Guide to to San Francisco and East Bay

Guide to Ilmington and the surrounding area

Guide to Greater San Diego


And if you want to start managing your VRBO, HomeAway, or HomeAway UK listing from your iPhone, open up itunes, and search on "homeaway vacation rentals" or learn how to get it here. Or if you are reading this on a mobile device, go here.

 

We hope to see you next year at the summit!

 

 

8

Online Booking is Live

Posted by brian.sharples Nov 1, 2012

As you probably know, HomeAway’s mission has always been to make finding and booking a vacation rental as easy as booking a hotel. With our latest product release, I believe we’ve made great strides towards achieving that goal and am pleased to announce the introduction of online booking on HomeAway.com and VRBO.com.

 

With online booking, travelers have the convenience of paying securely online, and the booking process is more streamlined for both you and your guests. While we are aware that this particular release isn’t a “win” in the innovation category, it is a relatively new offering in the vacation rental industry and will indeed be a game changer for some guests.  

 

As we’ve posted in the past, the Internet has fundamentally changed the way we do business. We demand speed and convenience, and the ability to pay online by credit card makes booking a vacation quicker and easier. Plus, it enables travelers to finance vacations, accrue credit card reward points and feel confident in their purchase. Online booking delivers this to the vacation rental category.

 

Because we know conversations between owners and travelers are so important to the reservation process (in fact, 70% of travelers said it was the best part), we made sure to include a review period so there’s time to answer any questions they have about the property or questions you have of them. 


The product is an extension of ReservationManager™, which enables you to accept credit card payments and eChecks through our secure interface. Online booking is a free service, but because we understand you demand choices in terms of how you want to manage your rental business, it is not automatically added to your listing. However, you can easily sign up through the owner dashboard

 

The Nuts and Bolts of How it Works

 

With online booking, prospective renters click the “Book It” button on a listing, which instantly generates a detailed quote and enables travelers to agree to your rental contract (which you store ahead of time).  Travelers then submit their payment information directly from your listing and you are notified about the request. You have up to 24 hours to accept or decline it.

 

When you accept a reservation, the payment is processed immediately and your availability calendar is updated accordingly. Any additional payments are automatically scheduled and invoiced, reducing the manual work involved with confirming a guest.

 

If you aren’t able to confirm a booking within the 24-hour period, ReservationManager will automatically decline the reservation request and the traveler will not be charged.

 

To learn more, check out the video below:

 

 

 

Again, while it’s not a required service, I highly encourage you to take a look at the product and see if it’s for you.  We know travelers want a simpler, easier way to book a vacation home and online booking solves that problem. Ultimately, we believe it is the right choice to delight travelers, simplify the booking process for you, and make the entire vacation rental category more efficient and competitive.  As always, we welcome your feedback.

2

Phighting Phishing

Posted by thale Apr 25, 2012

The phishing storm is brewing

 

The vacation rental industry gathered in Austin, Texas last weekend for the HomeAway Summit. Owners, Property Managers, HomeAway staff, and HomeAway partners discussed the state of the vacation rental industry, saw old friends and made new ones, and compared notes.

 

But this year, a new word entered the conversations in the halls, over drinks, and in the content of the Summit: phishing.  Phishing, loosely defined, is the attempt by criminals to steal your online identity, most frequently via accessing your email account. While our industry continues to thrive, the threat of hackers gaining access to owners’ or property managers’ email accounts continues. If we do not pull together to fight this threat, it will affect the way travelers feel about the vacation rental industry, and ultimately, about booking your property. A storm is brewing.

 

For some, the storm has already come – just ask anyone who has had their email password phished. Scammers have intercepted inquiries, and ruined vacations by stealing money from trusting vacation rental travelers.  Owners and property managers have had to scramble to re-secure their email accounts and protect their reputations. And the reputation of the vacation rental industry is in question.

 

For most, the HomeAway Summit marked the first time that they ever heard of phishing, but they understood how both owners and travelers are at risk because of our industry’s reliance on trusted communications via email. (If you are not familiar with phishing, click here for an overview of how it happens, or read Carl Shepherd’s post on phishing.

 

Today, losses due to phishing are small: in Q1 2012, phishing scams affected less than 0.1% of travelers who found a vacation rental via a HomeAway website. 

 

But even one ruined vacation or theft of an owner or property manager’s identity is totally unacceptable. Everyone in the vacation rental industry – from owners to property managers to HomeAway – has a role to play in stopping phishing scams.  While phishing may be a relatively small problem in absolute numbers, recent activity tells us that the phishers are getting smarter and more travelers, owners, and managers are being affected.  It is clear that scammers and criminals have figured out that the vacation rental industry is a great target.

 

Why? Because:

 

  • the standard practice in the vacation rental industry is for travelers to pay large amounts of money for vacation rentals, long before the stay and sight unseen;
  • not everyone understands or uses safe and secure payment methods;
  • many people conduct their business in email accounts from email providers that have been repeatedly compromised; and
  • cybercriminals are good at exploiting communities that rely on trust and a personal connection.

 

Phishing is not new; vacation rentals are not the first industry to be targeted by cybercriminals. Phishers have attacked many online industries ranging from online auctions, banking, social media, travel, e-commerce, even medical and government institutions, impacting major brands like eBay, PayPal, Barclays, Wells Fargo, Chase, and Bank of America.

 

Everyone of us in the vacation rental industry has a lot at stake, and we will all need to work together to stop phishers.  You can do your part by guarding your email password with the same care as you protect your social security number, your bank account, and your most valuable possessions.

 

Our vision on how to fight phishing

 

So what can HomeAway do to fight phishing?  To be clear, we’ve been fighting scammers ever since HomeAway was founded.  But as we look ahead, we have come to the conclusion that HomeAway needs to take a strong stance against phishing.

 

We believe that we can fight phishing by:

 

  • safeguarding the traveler’s money by providing safe payment methods protected by strong security, such as ReservationManager™;
  • protecting owner and traveler email addresses so that phishers cannot readily target those accounts;
  • continuing to provide secure authentication so that HomeAway can ensure that only legitimate owners, travelers, and managers can access information; and most critically
  • moving interactions between owners or managers and travelers into a secure environment where everyone can be confident they are talking to each other, not a crook.

 

Our vision is that we can create an environment where we can protect owners, property managers and travelers with something we are calling “HomeAway Secure Communication.”  This would be a new system, envisioned only in the last few months, and which is now in development. We plan to make it available starting in the second half of this year.

 

This proposed system is similar to sites you may use, like Facebook, LinkedIn and others, where authentication is required by both parties before they can connect. On these sites, once two parties have decided to “trust” each other, they can converse via email. But until trust is established, they CAN still communicate keeping key elements of their identity protected.

 

In our vision, owners and travelers would still receive notifications and messages from each other via email and text message, but they need to reply via a secure system that does not disclose their email address.  This way, HomeAway would be able to ensure the legitimacy of the owner or property manager and the traveler.

 

We’ve already started: we showed one early prototype of HomeAway Secure Communication at the Summit during the HomeAway Sneak Peeks session. We demonstrated how the system will enable owners and property managers to:

 

  • communicate safely with travelers and only reveal their email address when they choose to;
  • have a persistent record of the conversation, payments and other events that have occurred;
  • manage their conversations, bookings and payments via mobile app; and
  • reduce manual and repetitive work for responding to inquiries, sending information about properties and managing bookings and payment.

 

We recognize that many of our customers rely heavily on email to manage their interactions with travelers. We also know that a system like this will represent a significant change for many owners and managers.

 

But it is precisely because your email account is so critical to your business that it must be protected.

 

We are highly sensitive to the needs of our customers and are aware of the scope of change that this solution represents. We are also laser-focused on making this solution as convenient and beneficial as possible; but we are counting on you, our customers – property managers and owners – to help us design and implement a solution that improves the efficiency and effectiveness of responding to inquiries and managing communications with your customers – the travelers.

 

We’re doing something different than what we normally do. We are announcing our intentions and inviting our community and customers to participate in the process of creating a solution because we believe it is critical to your future success as an owner or property manager: if travelers don’t trust, they will not rent. 

 

And if you have ideas, you can give us your feedback directly by emailing us at secure-feedback@homeaway.com or via the feedback links on all of our sites. While we don’t respond to every email we get, we do READ every one. 

 

If you want to learn more about our vision for HomeAway Secure Communication, check our FAQ here.

 

And please sign up for the Secure Communication group on Community from HomeAway  to join the discussion – we’ll post updates there as we go forward.

 

What can I do now to fight phishing?

 

We all have to pull together to fight phishing. HomeAway has worked hard to educate the industry via emails, messages on our website, and via the Security Center. We continuously invest in technology to actively monitor fraud, to surface suspicious activity, and to harden our systems and protect our customers. More recently, we have introduced new products, such as ReservationManager and Traveler Profiles, and processes such as Phone Verification to support safety.

 

Here are a few steps you can take now to join in the fight:

 

  1. Educate yourself – visit our Security Center to learn about phishing
  2. Read our FAQ to learn how to spot fraudulent inquiries
  3. When you receive a suspicious inquiry or email, please let us know
  4. Accept safe payment methods like those offered through ReservationManager
  5. Include an up-to-date phone number on your listing. We recommend that travelers call the telephone number published on your property listing page to confirm their reservation and payment details
  6. Use two-factor authentication on your email accounts. See this article on how. http://www.codinghorror.com/blog/2012/04/make-your-email-hacker-proof.html
  7. If you list on vrbo.com or homeaway.com - log into your dashboard to check your inquiries to make sure you (and not a phisher) are receiving your inquiries.
    Never enter your email password on any webpage via a link sent to you by email, or even if a login page that looks like your email provider’s website pops up unexpectedly.  Always go to the email provider’s website to log in
  8. And don’t ignore warning signs or red flags - if you have a bad feeling, it never hurts to double check

 

Together we can fight this threat to the vacation rental industry, and we’re counting on you, just like you count on us.

 

Sincerely,

Tom Hale

Chief Product Officer

0

Phishing is a way criminals attempt to acquire your personal information such as usernames, passwords, bank accounts and credit card details. phishing.jpgCriminals do this by masquerading as a trustworthy entity in an electronic communication to which you respond. The simplest form of this is when the crook creates an email that has the exact look of an email from a company you trust, but, when you click on it, you go to a website that is not hosted by the company, but instead, is a phony website designed to get you to sign in using your username and password from the trusted site. HomeAway members make an attractive target for “phishers” because the average transaction value for a stay at a vacation rental is significant. A crook with access to a HomeAway member’s email account username and password is a recipe for disaster.

 

HomeAway has invested in trust & security technology, people and processes to help protect consumers against criminal activity on our sites. We cannot disclose the details but we are very successful in identifying fraudulent listings; in Q1 2011, less than 0.01% of our worldwide listings were both fake and cost a traveler any losses. It is our responsibility to keep fictitious listings off our site so we offer both the free basic rental guarantee and the purchasable Carefree Rental Guarantee to protect travelers from outright Internet fraud we could have prevented.

 

But HomeAway cannot prevent criminals from phishing your personal email account because it doesn’t occur on our site. Therefore, the traveler loss that arises from an owner giving his email password to a criminal is the owner’s responsibility. Your house is real and you are in the business of renting it. When the criminal uses technology to step between you and your customer, they are effectively standing at your virtual cash register while you are out of the store.

 

HomeAway has made it difficult to phish our accounts, but crooks are clever, which is why we continually improve our own security processes. But there is no technology available to us that will keep you from giving a phisher the username and password to your personal or business email account.

 

Like all Internet companies, HomeAway needs you, the advertisers, to do your part to make our websites and this industry safer for all travelers, who are your potential guests.

 

If a phisher can get your username and password for the email account you use to communicate with travelers, they can use this information to steal from travelers.

 

Two Victims

 

Phishing results in two victims. The traveler loses money and often their vacation as well. At the same time, the owner/advertiser has had his online identity stolen, and that thief has not only access to his customers, but to all the information he keeps in his email account.

 

Because the owner is a victim, too, it’s perhaps understandable that some owners do not believe they bear responsibility when their email account has been used to steal from a traveler.

 

In our view, it is the owner’s responsibility to provide restitution when his email password has been phished. After all, the email account was used to steal from a traveler who responded to an email from your email account and but for the criminal getting access to your email account the traveler would not have experienced any loss.

 

HomeAway’s guarantees do not apply to traveler losses due to the theft of your identity via phishing. We have no way to stop your email account from being phished. Only you can do that.

 

Protect Yourself from Phishing:

 

  1. Never share your email account password to anyone.
  2. Only enter your email username and password after verifying that you are on the website of your email provider. Check the URL. If you want to respond to a request that came via email, open a new browser window and go to your email provider’s website to sign in. 
  3. Only change email information after initiating a session with your email provider. 

    

Help Protect Travelers:

 

  1. Do not ask a traveler to wire money via Western Union or another third-party service.
  2. Sign up for a merchant account and accept credit cards. HomeAway offers one through Reservation Manager, but if doesn’t meet your needs; use one of your choice.
  3. Respond to telephone calls promptly. Travelers often want to speak to you before they pay; the call could be your first notification that you’ve been phished, and crooks have better odds when they can get to the traveler first.

    

HomeAway’s Policy Regarding Phishing

 

While HomeAway cannot prevent a phisher from tricking you into giving up your username and password to your personal email or HomeAway account, we will continue to do all we can to insure a fair and trusted marketplace.  It may sound harsh, but listings from owners who ignore their role in maintaining a marketplace that is safe for travelers are not welcome on our websites.

 

When we have reason to be concerned your email account may have been phished, we try to move quickly to limit the possibility that travelers are harmed; we need for you to move quickly, as well. This is how the process works:

 

  1. When we receive information indicating either your HomeAway or personal email account has been compromised, all of your listings will be suspended. This is to keep unsuspecting new travelers from falling victim to the thief.
  2. We will work with you to verify which of your accounts has been compromised. Sometimes the information we have received from a traveler is wrong; in that case, the listings will be reinstated as quickly as possible.
  3. Once we’ve verified your email address has been phished, we will notify every traveler who has inquired on your property so they can avoid sending money to the thief.
  4. If a traveler has paid a thief using the email address you placed on file with HomeAway before receiving a warning notification from HomeAway, it will be your responsibility to either reimburse that traveler for verified losses, or to provide some sort of in-kind value (a free stay at another time, for example) to the traveler.
  5. If you choose not to work with or provide restitution to the traveler, then your listings are at risk of being removed from or not reinstated on HomeAway websites.  This is a determination we make in our sole discretion on a case-by-case basis in order to make our websites and this industry safer for all travelers.

 

Warm Regards,

 

Carl Shepherd

Co-Founder and Chief Strategy and Development Officer

 

** UPDATE **

 

The TODAY show   recently highlighted a case in which  some travelers experienced fraud in Fort Lauderdale, Fla.  Luckily their story had a happy ending, but we wanted to share it with you as a reminder to always protect yourself online.  When booking a vacation rental, always remember do the following:

  • Pay with ReservationManager from HomeAway, whenever possible
  • Pay by credit card, check or bank transfer, and never by cash or wire transfer
  • Call before you pay - After you send an inquiry, call the homeowner or property manager via the phone number on the listing to confirm they've received your reservation request

Also, we wanted to update you that as of now, the HomeAway Carefree Rental Guarantee now covers phishing incidents.  For more information, visit http://guarantee.homeaway.com