Skip navigation

Join the Vacation Rentals Conversation!

Get answers to all of your questions from fellow owners and travelers.

Join the CommunityX

CommunitySeek, Ask, and Share in the Vacation Rentals Community
6949 Views 13 Replies Latest reply: Sep 30, 2012 3:15 PM by anja RSS
Currently Being Moderated

Feb 8, 2012 3:22 PM

VRBO sends email to prospects after hack

Several of my guests have reported receiving the following email from VRBO. The hack of my account occurred two weeks ago. One guest had inquired as far back as August! For the record, while VRBO would like to believe the scammers hacked my email account, I contend that VRBO itself was hacked. Anyone involved in such an incident, whatever the cause, should be aware that these emails might go out to your people:

 

 

---------- Forwarded message ----------

From: VRBO Customer Support <support-cs@vrbo.com>

Date: Wed, Feb 8, 2012 at 00:00 PM

Subject: Urgent Notice –  Listing # 00000

To: xxxx@yyyy.com

 

 

Website: VRBO.com

Property number: 00000

Description: Omitted

 

Dear Traveler,

 

You recently sent an inquiry for the above referenced property. This property can be found by entering the vacation rental listing number in the search box on the homepage.

 

It is possible that you may have been affected by a breach of an owner’s or property manager’s account or email account. When we learned of this potential breach we moved promptly to suspend the owner’s or property manager’s listings and put them through a process to reinstate their listings on our site with a revised account.

 

If you are still interested in this property or if you have booked this property, please recontact this owner or property manager through the inquiry form on the listing, which will route your communication to the revised account. Alternately, you may call the advertiser directly if a phone number is displayed on the listing.  Please be careful about your means of payment and we advise against sending any payment details (such as credit card information) by email.

 

As always, please feel free to contact us should you have any questions.

 

 

Kind regards,

VRBO.com Trust and Security

  • sophie Senior Contributor 969 posts since
    Mar 4, 2011
    Currently Being Moderated
    Feb 8, 2012 4:56 PM (in response to cmballer)
    Re: VRBO sends email to prospects after hack

    I think it's a good thing that these go out to people that have inquired on a property/email that was hacked. You admit that your account was in fact hacked.  It's the right thing to do for the safety and security of the renters.

  • iopbeachhouse Community All-Star 455 posts since
    Aug 10, 2011
    Currently Being Moderated
    Feb 8, 2012 6:33 PM (in response to cmballer)
    Re: VRBO sends email to prospects after hack

    While I agree with Sophie that people should be informed, my problem with the way this is being handled is that the owner is shut down and NOT notified. They really need to call the home owner immediately and help them get everything secure to open their site back up. It took me a week to discover my sites were gone and then another week working with the security department to get everything fixed and back up.

    • sophie Senior Contributor 969 posts since
      Mar 4, 2011
      Currently Being Moderated
      Feb 8, 2012 8:09 PM (in response to iopbeachhouse)
      Re: VRBO sends email to prospects after hack

      Agree 100%.  They should notify you BEFORE they take the site down so you can prepare and get things fixed to have as little interruption as necessary.

      • shannon.martin Contributor 221 posts since
        Feb 23, 2011
        Currently Being Moderated
        Feb 9, 2012 12:00 PM (in response to sophie)
        Re: VRBO sends email to prospects after hack

        HI All,

         

        To address your concerns, if someone other than the owner contacts us about a potential hack to the owner's email account, we contact the owner via phone within 24 hours (as email is not secure) and take their listing down until we reach them. We let recent inquirers know they should contact the owner via phone.

         

        If the owner lets us know they have been hacked (as in this case), we still send a notice to recent inquiries letting them know they should phone the owner at the number on their listing as a safety measure (per the email above).

         

        I hope this helps clarify!

         

        Shannon

          • shannon.martin Contributor 221 posts since
            Feb 23, 2011
            Currently Being Moderated
            Feb 9, 2012 12:32 PM (in response to cmballer)
            Re: VRBO sends email to prospects after hack

            Hi Clint,

             

            I apologize that our team dropped the ball in the process here - we've had a high volume of issues reported lately, so be assured we're working on improving this! Our head of Trust and Security has seen this thread, so I know she's addressing it with her team.

             

            Thanks,
            Shannon

            • New Member 3 posts since
              Feb 28, 2012
              Currently Being Moderated
              Mar 1, 2012 10:20 AM (in response to shannon.martin)
              Re: VRBO sends email to prospects after hack

              Shannon,

               

              Can you be absolutely certain that these breaches have nothing to do with your website and the way it operates?  It seems as though this is happening an awful lot, across the country and across your different network of websites.  While I understand in the end the property owner's email is the one that has been compromised, how is your security team so sure that none of this has to do with your website?

               

               

              I just found that the email address that duped me (which was reported to your security team) has also just been reported on another thread in this community forum nearly a week after my incident.

               

              It's hard to believe that you have not taken more appropriate steps to help property owners fix and/or prevent this sort of thing happening.  This seems to be an increasing problem but yet your company seem more inclined to turn a blind eye and wash your hands of it - at the same time blaming the owner of the email. 

               

              I really think your security and web team need to take a closer look at the web design, security, and other available options to make this a more secure experience.    

              • Active Contributor 295 posts since
                Jun 9, 2011
                Currently Being Moderated
                Mar 1, 2012 3:37 PM (in response to brian.murray)
                Re: VRBO sends email to prospects after hack

                It is lamentable this phishing scam continues unabated and HomeAway seems unable to go all the way to put a stop to this when it is clearly in their ability to do so. The measures they have taken so far are negligible and rated very poorly in arresting the problem, that is why this phishing scam continues after six plus months now, and the Scammers are laughing their heads off all the way to the bank and wishing HomeAway won’t take this seriously and continue with their ineffectual security practices.

                 

                It’s about time HomeAway take a more serious look at this phishing scam and come up with a foolproof Inquiry System guaranteed impregnable to phishing attempts.

                 

                One method I’ve alluded to in another thread is to use an annonymized (cryptic) email address for both the Inquirer and Owner on both their first email to each other (Inquiry & Owner’s response). Subsequent emails can be directly to each other with email addresses revealed. This is how Craigslist is able to secure their Email Inquiry, so why not HomeAway?

                 

                Please take this seriously HomeAway! If news of phishing scam victim continues, it means your security measures are not working. When will you ever accept this incontrovertible fact?

                • New Member 2 posts since
                  Sep 28, 2012
                  Currently Being Moderated
                  Sep 28, 2012 12:55 AM (in response to tfv)
                  Re: VRBO sends email to prospects after hack

                  Our VRBO account was hacked this week and VRBO refuses to be accountable. Their letter which went out to all of our customers & inquiries tried to blame us  I contacted our account manager at VRBO because we had received several emails that were very concerning.  We advertise 30 properties! That is a lot of advertising dollars, yet no one would call me back today. A third party hacked into the VRBO system and retrieved inquiries on several of our properties. Then, the intruder sent an email stating that the property was available and to send them $3000. Without telling us, VRBO sent out a bulk email today to hundreds of our inquiries, which said that OUR email account may have been compromised. “property manager may have unknowingly and inadvertently had their

                  email account compromised”  This problem is on THEIR WEBSITE!  Our email account is fine! But VRBO HAS SECURITY ISSUES!!!! They recently installed new software and they have had problems since then. We have had non stop calls from clients who are panicking.

                   

                  The next problem, was even more embarrassing. In their “Urgent Notice”, they gave out an incorrect telephone number for our office.  As it turns out this is some illicit phone sex number! After several customers called about it, I called it to see what it was. OH MY GOODNESS! ITS REALLY BAD! Furthermore, because I called from my cell phone, I then received several illicit text messages!!!  So did every single customer of ours that dialed that wrong number from a cell phone.

                   

                  I called and emailed VRBO today with no response. They are a monolopy and they know it. Something needs to be done legally to protect our consumer rights.

                   

                  VRBO has been a trusted advertising site for many years and we have used them exclusively for marketing our properties for many years. But their mistakes on our account and lack of security are inexcusable right now.  THERE IS ZERO CUSTOMER SERVICE! The damage that has been done to our credibility is serious, and they are to blame. Unless and until we can receive complete assurances from them, as well as, accountability for the harm they have done, we will keep our listings off line.

                  • carol Senior Contributor 2,153 posts since
                    Dec 10, 2010
                    Currently Being Moderated
                    Sep 28, 2012 1:42 PM (in response to alohadebbie)
                    Re: VRBO sends email to prospects after hack

                    Can you explain how you are sure that the VRBO account was hacked?   It's more common that email is hacked -- I'm  not saying it's impossible to hack VRBO, but it's less common than email because they will ask a security question if someone tries to log in from a new IP address. 

                     

                    Here's a way to check -- look at an inquiry in your dashboard (if you can get to your dashboard) that came in while the hacking was underway.   Did that inquiry make it to your email's inbox?  If yes, you may be right that VRBO was hacked.  But if you never saw it in your inbox, it would be a classic email hack with the bad guy logging in to your email and setting a filter or redirecting your VRBO inquiries to his account so that you never see them in your inbox.  Check your email for any odd filters that could have redirected email.

                     

                    I'm so sorry this is happening to you -- I hope it gets cleared up soon and no travelers were scammed. 

                    • New Member 2 posts since
                      Sep 28, 2012
                      Currently Being Moderated
                      Sep 28, 2012 10:38 PM (in response to carol)
                      Re: VRBO sends email to prospects after hack

                      Hi Carol,

                      Yes we did receive the email in our inbox and we replied to them.

                      Some of them already had reservations!

                      Which is why I think VRBO was hacked.

                      After 2 days I finally got to talk to a customer service rep!!!

                      Aloha,

                      Debbie

                       

                      AlohaDebbie Properties

                      alohadebbiepuako@aol.com

                      808.989.7773

                      • carol Senior Contributor 2,153 posts since
                        Dec 10, 2010
                        Currently Being Moderated
                        Sep 29, 2012 3:34 PM (in response to alohadebbie)
                        Re: VRBO sends email to prospects after hack

                        Wow, it seems you may be right that the hacking was through VRBO instead of your email.   I hope this is a rare thing and that it gets straightened out quickly.

                      • anja Senior Contributor 1,560 posts since
                        Aug 9, 2011
                        Currently Being Moderated
                        Sep 30, 2012 3:15 PM (in response to alohadebbie)
                        Re: VRBO sends email to prospects after hack

                        Hi debbie...

                         

                        Think for a moment and try to remember whether you (or your biz colleague) ever received an email from HA-VRBO Customer Service ...on the topic of  "your problem signing into your account"?   I ask because I just read another thread a moment ago in which two Community Forum members stated they received such emails ...in the middle of the night...supposedly from Customer Service referring to "signing in" problems.....only the members never reported  "signing in problems" to Customer Service!

                         

                        While we wait for someone at CS to clarify whether they sent such emails out....I'm wondering if you can recall ever receiving an email from CS ... and if so, did you respond to it....?....did you get any assistance from someone allegedly from CS to log into your account?

Not a member?

JOIN THE COMMUNITY

Register Now

More Like This

  • Retrieving data ...

Bookmarked By (1)