Skip navigation

Join the Vacation Rentals Conversation!

Get answers to all of your questions from fellow owners and travelers.

Join the CommunityX

CommunitySeek, Ask, and Share in the Vacation Rentals Community
Up to Discussions in Scams
5252 Views 14 Replies Latest reply: Sep 1, 2012 11:42 PM by info@stayattremblant.com RSS
tfv Active Contributor
tfv
281 posts since
Jun 9, 2011
Currently Being Moderated

Feb 25, 2012 2:16 PM

musing on ways how VRBO/HomeAway can secure (foolproof) Email Inquiries

I’ve been musing on ways how VRBO/HomeAway can secure (foolproof) Email Inquiries, and this is what I’ve come up with. Perhaps VRBO/HomeAway might consider this.

 

With this system, Owners will be able to view Traveller’s Inquiry using one of two methods depending which criteria they meet. There is no other way to view Inquiry outside of these two methods.

 

1st Method:

Owners with two forwarding email addresses for Inquiry Notification may continue to receive inquiries via email (after an initial and one time certifying that they are using different passwords for each).

 

2nd Method:

Owners with only one email address will receive an email notification advising them they have an Inquiry and to view it they have to login to their website via their normal method. Once they login, a pop-up window will come up letting them know they have an inquiry and to answer a security Question to view the inquiry. After successfully answering the security question, it takes them to the Inquiry Page. They can then choose to reply from the website, or click on a link to force open their preferred email client or email web browser.

 

Of course the 2nd method is tiresome, but Owners can easily create a secondary email address to be able to use the 1st method.

  • kiawahcottage Community Ambassador
    kiawahcottage
    230 posts since
    Jan 1, 2011
    Currently Being Moderated
    Feb 24, 2012 9:05 PM (in response to tfv)
    Re: musing on ways how VRBO/HomeAway can secure (foolproof) Email Inquiries

    Hey Tfv,

     

    They already have something like this, its just a little obscure and its kind of hard to find.

     

    On VRBO you can set up a secondary e-mail address to receive inquiries.  Go to edit on your VRBO and then go to the contacts tab.  I think it would be pretty hard for scammers to get both emails.  For me I use my wife's e-mail for the secondary.  She checks with me if she sees an inquiry.

     

    On HA they have a text message alert.  Under listing editor, contacts, you can add text alerts to your cell phone.  My cell gets an alert when an inquiry comes in.

     

    This would protect you from a e-mail hijacker but probably not from a keylogger attack. We do need more information...

     

    Paul

  • tfv Active Contributor
    tfv
    281 posts since
    Jun 9, 2011
    Currently Being Moderated
    Feb 25, 2012 12:58 PM (in response to tfv)
    Re: musing on ways how VRBO/HomeAway can secure (foolproof) Email Inquiries

    To those who are not aware of recent phishing scams that has been appearing in the last couple of months, here is the gist of the scam.  I’ve been racking my brains lately for ideas on what HomeAway might do to counter this type of scam, hence this “mussing....” thread for anyone to make their suggestions. If you have any of your own, say it here. Maybe they will listen.

     

    These attacks are specifically targeting Owners (or Property Managers) with ads at VRBO/HomeAway in particular (but can really be any) using known free web base email accounts (i.e. Gmail, Yahoo! Mail, Hotmail and Windows Live email addresses). What is happening is the bad guy is sending Owners an inquiry generated from the VRBO/HomeAway Owner’s webpage listing to learn the Owner’s email address. Once the bad guys has the Owner’s email address, he sends a fake email inquiry (not generated at the Owner’s website) directly this time to the Owner that includes a VRBO/HomeAway in the subject line and looking like a normal or official inquiry. The email includes a link to “View Message”, and when clicked, the Owner is sent to a page telling him that his email session has ended and that he needs to log back in and presents him with a login page (a fake one) that looks almost identical to an official login of the Owner’s email provider to trick the Owner to login, thereby capturing (phishing) the username and password. They could then login to the Owner’s email account and create filters to redirect any VRBO/HomeAway Inquiries to the bad guy’s account so that it never shows up in the Owner’s inbox... at which point they start corresponding with the travelers that sent Inquiries, convincing them they are the Owner and giving travelers a discount and instructions on where to send the money (always via wiretransfer, their modus operandi) for their stay – all via email. The Real Owner is unaware this is happening, unless and until the Traveler has been duped in sending the money and calls the Owner.

  • sodamo Contributor
    sodamo
    258 posts since
    Nov 5, 2011
    Currently Being Moderated
    Feb 25, 2012 1:58 PM (in response to tfv)
    Re: musing on ways how VRBO/HomeAway can secure (foolproof) Email Inquiries

    Perhaps a simple way...

     

    Potential renter sends inquiry through VRBO

    That triggers email alert from VRBO owner using email or text to owners choice of address on file.

    Owner logs in to VRBO to retrieve inquiry using either account password or perhaps an inquiry only password.

    Owner chooses to respond directly or through reservation manager.

     

    Set up property the time difference should be in just minutes at most.

    Owner still has total control and chooses what level of info goes through VRBO after completing initial contact.

     

    David

Not a member?

JOIN THE COMMUNITY

Register Now

More Like This

  • Retrieving data ...

Incoming Links

Bookmarked By (0)