Customize your experience by selecting your role:
Owner, Property Manager, or Traveler
I’ve been musing on ways how VRBO/HomeAway can secure (foolproof) Email Inquiries, and this is what I’ve come up with. Perhaps VRBO/HomeAway might consider this.
With this system, Owners will be able to view Traveller’s Inquiry using one of two methods depending which criteria they meet. There is no other way to view Inquiry outside of these two methods.
Owners with two forwarding email addresses for Inquiry Notification may continue to receive inquiries via email (after an initial and one time certifying that they are using different passwords for each).
Owners with only one email address will receive an email notification advising them they have an Inquiry and to view it they have to login to their website via their normal method. Once they login, a pop-up window will come up letting them know they have an inquiry and to answer a security Question to view the inquiry. After successfully answering the security question, it takes them to the Inquiry Page. They can then choose to reply from the website, or click on a link to force open their preferred email client or email web browser.
Of course the 2nd method is tiresome, but Owners can easily create a secondary email address to be able to use the 1st method.
They already have something like this, its just a little obscure and its kind of hard to find.
On VRBO you can set up a secondary e-mail address to receive inquiries. Go to edit on your VRBO and then go to the contacts tab. I think it would be pretty hard for scammers to get both emails. For me I use my wife's e-mail for the secondary. She checks with me if she sees an inquiry.
On HA they have a text message alert. Under listing editor, contacts, you can add text alerts to your cell phone. My cell gets an alert when an inquiry comes in.
This would protect you from a e-mail hijacker but probably not from a keylogger attack. We do need more information...
I know, I was the one that reminded everyone they can use 2 email addresses in another thread. The mussing I stated above forces everyone to use Method #2 unless they indicated 2 email addresses. At least with the above system, it creates multiple layers of security making it difficult for scammers to penetrate.
==> "This would protect you from a e-mail hijacker but probably not from a keylogger attack. We do need more information..."
Reply: Yeah, the onus is on Owners to perform anit-virus scan regularly to secure their computers from keylogger virus planted in their computer.
I could not agree with you more.
I too, have two e-mail notifications. One with my regular e-mail and one just for VRBO! Works great if you want to find an old e-mail from a VRBO customer.
To those who are not aware of recent phishing scams that has been appearing in the last couple of months, here is the gist of the scam. I’ve been racking my brains lately for ideas on what HomeAway might do to counter this type of scam, hence this “mussing....” thread for anyone to make their suggestions. If you have any of your own, say it here. Maybe they will listen.
These attacks are specifically targeting Owners (or Property Managers) with ads at VRBO/HomeAway in particular (but can really be any) using known free web base email accounts (i.e. Gmail, Yahoo! Mail, Hotmail and Windows Live email addresses). What is happening is the bad guy is sending Owners an inquiry generated from the VRBO/HomeAway Owner’s webpage listing to learn the Owner’s email address. Once the bad guys has the Owner’s email address, he sends a fake email inquiry (not generated at the Owner’s website) directly this time to the Owner that includes a VRBO/HomeAway in the subject line and looking like a normal or official inquiry. The email includes a link to “View Message”, and when clicked, the Owner is sent to a page telling him that his email session has ended and that he needs to log back in and presents him with a login page (a fake one) that looks almost identical to an official login of the Owner’s email provider to trick the Owner to login, thereby capturing (phishing) the username and password. They could then login to the Owner’s email account and create filters to redirect any VRBO/HomeAway Inquiries to the bad guy’s account so that it never shows up in the Owner’s inbox... at which point they start corresponding with the travelers that sent Inquiries, convincing them they are the Owner and giving travelers a discount and instructions on where to send the money (always via wiretransfer, their modus operandi) for their stay – all via email. The Real Owner is unaware this is happening, unless and until the Traveler has been duped in sending the money and calls the Owner.
Perhaps a simple way...
Potential renter sends inquiry through VRBO
That triggers email alert from VRBO owner using email or text to owners choice of address on file.
Owner logs in to VRBO to retrieve inquiry using either account password or perhaps an inquiry only password.
Owner chooses to respond directly or through reservation manager.
Set up property the time difference should be in just minutes at most.
Owner still has total control and chooses what level of info goes through VRBO after completing initial contact.
Here is a foolproof Inquiry system I had just thought of.
Traveler sends an inquiry through VRBO/HomeAway website like normal.
Owner receives the Email Inquiry from VRBO/HomeAway with all the information in it except the Traveler’s email address is anonymized (cryptic) to prevent the Owner (or receiver) from directly responding to the Inquirer (Traveler) in this initial email inquiry.
When Owner hits “reply” (from his email program), compose his reply and sends it, it is channelled through VRBO/HomeAway (because of the anonymized email address) and the following security measures are performed to authenticate the validity of the Owner before it is sent to the Inquirer (done by a computer at the VRBO side).
The extended header information of the Owner is checked (by VRBO's computer) to confirm the following matches, before email is sent to the Inquirer (Traveler):
Subsequent email communications after the above initial ones goes directly to Traveler/Owner.
With the above procedure, it is virtually foolproof.
Will this permit owner to reply outside of Reservation Manager system? When I reply, I strip out all the extra HA/VRBO bs that doesn't apply.
I like this. And this would keep the subject line consistent which presumably allow the maintenance of conversation threads in Gmail that so many of us use to manage communications.
You must be refering to my post #7. Yeah, reading back on my post once again, I'm still convinced it is a good idea and will accomplish communication security between Traveler and owner without abandoning Owner's preference to reply via email and not have to be forced to login to his/her Dashboard.
Those were all GREAT ideas and ones that I think that most people could agree with???
Too cumbersome. The goal should be to never have to log on to a site in order to respond to an inquiry.