Community: Message List - Have you ever received an inquiry that you thought might be bogus?

Re: Have you ever received an inquiry that you thought might be bogus?

community-no-reply@homeaway.com — Thu, 23 May 2013 10:10:45 GMT

I see. For me hitting reply to the email, on Flipkey sends the message back though the Flipkey messaging system without logging in ... For Flipkey I also direct email as sometimes if I am attaching more than one Villa File I go over Flipkeys attachment limit of 5MB.

With Homeaway I am unsure whether my reply goes through their site or not... don't think so because when I hit reply to the Homeaway inquiry it goes direct to the Inquirer's email because I always add the inquirer to my contacts list at the same time. I only ever log into my Account to change or update the calendar or the rates or to cross check my Inquiry Log.

Inquiries have been known to go missing. From what our affected property owners [the properties actually fraudulently booked] tell us is that the Original Inquiry is not on their Homeaway Inquiry Logs. Nor did these property owners ever receive the inquiry notification email from Homeaway.

But we have victims that did receive a Confirmation of Inquiry on the property that was used. I thought maybe it was what you were talking about that happened to you but then I couldn't figure out how the inquiry was also missing from the Homeaway Account Inquiries Log. How could these 2 places miraculously be missing this inquiry at the same time, unless Homeaway was also breached at the exact same moment. The victim definitely made an inquiry in this case because she sent me the Inquiry Confirmation. Homeaway claims it is spam removal. Pretty big coincidence that it keeps happening to each new victim... maybe there is some breach in Homeaway in the spam files.... OK techies... help me out here.

or maybe I am totally off the mark in my logic

Re: Have you ever received an inquiry that you thought might be bogus?

community-no-reply@homeaway.com — Thu, 23 May 2013 09:05:13 GMT

In the specific case you're referring to it may have been something different like you were talking about before. However, what I was referring to was mostly for owners (like me) who don't log in to get their inquiries and instead handle all responses from their outside e-mail address. I don't want to have to log into my inquiries each time and I use my main mail program to archive, sort and refer to inquiries received and responses I sent from all my advertising sites in one place. Also, originally in the past, many listing sites just linked to an outside e-mail address to the owner before they started going through their own system of delivering inquiries without showing the owners e-mail address on their listings or when they send their initial inquiry.

Re: Have you ever received an inquiry that you thought might be bogus?

community-no-reply@homeaway.com — Wed, 22 May 2013 23:41:53 GMT

Yep... that is why I am glad you are here swlinphx. You are right. The only thing it does is hinder them from getting into your homeaway account. Let me ask you something. The Homeaway Inquiry Logs are also showing that no Inquiry was sent to the advertiser whose property was used as the rented property for the scam. If the owner of this property never received an inquiry then how could pfishing his email get the travelers details? Thanks swlinphx... I watch for all your posts. Cheers

Re: Have you ever received an inquiry that you thought might be bogus?

community-no-reply@homeaway.com — Wed, 22 May 2013 18:23:24 GMT

The email address for logging in to your Homeaway account should be a different email address to the one that you have your inquiries sent to. As a further precaution the email address you use to reply to inquiries should be a different one than either of the 2 above.

Okay, so what if you do that but the e-mail address you receive inquiries from is hacked? All they need do is forward that address to their own, delete the message from the server and then respond with their own address. This does nothing to prevent someone from posing as you and continuing on the conversation with the inquirer without your knowledge because they set the e-mail account to delete the message from the server once received so that you will never receive it. This happened to me, but not with regard to vacation rentals.

Re: Have you ever received an inquiry that you thought might be bogus?

community-no-reply@homeaway.com — Wed, 22 May 2013 01:25:31 GMT

This is not only a great idea it should be made compulsory. The email address for logging in to your Homeaway account should be a different email address to the one that you have your inquiries sent to. As a further precaution the email address you use to reply to inquiries should be a different one than either of the 2 above.

But how many people will really do this? Very few until THEIR property is falsely rented out by the scammers.

And this property that was used to rent by the scammers will NOT be the property that was pfished. The scammers now, in order for these pfished properties NOT to be detected, are pfishing properties on one site Homeaway... and sending links to ads on Flipkey that are to be used to rent to victims... and vice versa. Originally the scammers pfished a property and and used that same property to rent to the victim. Homeaway was able to shut this down upon being notified by the victim. Then the scammers phished property A on Homeaway and used property B to rent out to the victims. Homeaway reacted by checking all the properties that the victim inquired with originally [if the victims kept their Inquiry Confirmations they could do this... many victims do not however] and eventually isolate the pfished property A that was being used to get the travelers contact info and travel requirements] NOW the scammers have reacted to their pfished ads being discovered by sending the victims a link to an ad on a completely different site.EG An ad is pfished on Homeaway on Property A. The victim is sent a link to property Z on Flipkey and the Flipkey property is used to rent to the victim. Flipkey immediately asks the victim for a list of all the properties they originally inquired with so they can isolate the pfished or phoney ad. But there are no inquiries... because the original inquiries were made at Homeaway. Being competitors they don't talk to each other and both will be trying to avoid liability. We started a small action group in Bali that has been hit hard. Through a media release we had victims email vacationrentalscamvictims@yahoo.com and send us documentation. We are just a small action group of property owners but we have been inundated with victim reports. Where the victims have kept Inquiry Confirmations we have been able to liase with the 2 websites and send the Original Inquiries to the site where they were made. This should not be our responsibility. Flipkey has been amazing in its support. Homeaway has not. Flipkey in order to minimise the personal loss to victims sent out this alert below to all Inquirers in Bali. At the very least it will identify victims BEFORE they and their families are stranded in a foreign 3rd world country. Will it initally damage the rental business in Bali? Sure it will. Will it help to get travelers to be more security conscious in the long haul; get them to verify the number on the ad and call that and no other number which defeats the scam Sure it will. Will it stop the scammers. NO. Homeaway and the other sites now need to work together and I don't see that happening. Our major focus is to stop the receipt of funds. Presently they go to Barclays Bank which has hundreds of false accounts because their identification process is flawed. Perhaps only a class action suit will get them to lift their game and that is looming.

See below pic alert to Bali by Flipkey click on pic to enlarge... Bali is a small part of this scam. Other badly affected areas are Florida, Paris and the UK. Your tourist spot will become badly affected if just one of the advertisers in your area gets pfished.

Re: Have you ever received an inquiry that you thought might be bogus?

community-no-reply@homeaway.com — Tue, 21 May 2013 14:01:15 GMT

Hi. I have been receiving more and more dubious email enquiries. I have taken on board the replies from other members.Thank you. I have been in the Internet/Government security business for some 25 years and dealing with the Internet since before it was created back in the DARPANET days, so I have a keen interest in this subject. What is happening to us is potentially quite worrying, and needs to be sorted out, lest the bad guys win, resulting in Owners leaving the community, and Holiday Makers steering clear of the site. This would, most likely, result in the closure of the site, due to zero revenue. We Homeowners need to do our bit for security, and so does HomeAway. For my part, I have difficulty in establishing the true identities of people (Incl. genuine holiday makers) who wish to do business with me. I do the usual background checks, which has worked so far. I'm thinking of ramping up my security checks to include such things as police checks (in country), exchange of passport ID image and data and cross-check to the relevant national passport office, Skype phone call with Image verification: against the passport photo submitted, Facebook and other social media, Fixed land line telephone number, and a Residential address .... It seems to me, that a genuine holiday maker will have a number, if not most, of the following ( which, incidentally could be verified or at least asked for by HomeAway) ...... Full Name, Address, Home phone, Mobile phone, Passport, Drivers licence, Facebook page, LinkedIn page, Entry on the Electoral Register, access to Skype.I am not sure of the technical capabilities of the HA staff, and regrettably have little confidence in their ability to sort the security issues out, in a professional and business like manner, from what I have read in the Forums. I would be happy to discuss these issues with the Security Manager/Officer at HomeAway... you have my email address and tel no. Is anyone else out there thinking of seriously ramping up their security?

Re: Have you ever received an inquiry that you thought might be bogus?

community-no-reply@homeaway.com — Tue, 21 May 2013 07:33:23 GMT

I could be wrong but I read that GMail is the least safe of all the major sites.. becuase they use unidentifiable proxy servers to route emails. Check it out. Yahoo now has a 2 level security check which I like. First you have a photgraphic sign in seal. If you are diverted or told to sign in againe and that seal is not present you know you are about to be phished. The 2nd level of security sends you a text message to your phone whenever anyone attempts to access your email from other than your normal device, usually at home. If you are elswhere and attempt to access you email you will be sent a text to your phone with a password. You can then log that password in and access your email.

Re: Have you ever received an inquiry that you thought might be bogus?

community-no-reply@homeaway.com — Tue, 21 May 2013 07:27:48 GMT

The scammers have perfect English and grammar. It is a highly sophisticated scam and not easy to spot.

The comment below... one email for receiving inquiries and a different email for replying sounds good to me

Re: Have you ever received an inquiry that you thought might be bogus?

community-no-reply@homeaway.com — Tue, 21 May 2013 07:25:16 GMT

great idea.

Re: Have you ever received an inquiry that you thought might be bogus?

community-no-reply@homeaway.com — Wed, 30 Jan 2013 19:36:45 GMT

What happens when your e-mail account gets hacked (as I have had done before). If they get your password or access somehow to the e-mail address you initially receive inquiries from they can respond and forward all that mail so you never knew you got the inquiries. Then they can correspond with the inquirer as if they were you and encourage fraudulent payment, which was the whole problem HomeAway was trying to avoid.

I didn't realize my e-mails were being forwarded to a bogus account for about 5 days when I finally noticed I wasn't getting any mail from one of my accounts. I have them all combined in list view so all my e-mail addresses appear in the same place. Therefore, it is not always immediately apparent if one address has not received mail in a while.