Skip navigation

Join the Vacation Rentals Conversation!

Get answers to all of your questions from fellow owners and travelers.

Join the CommunityX

CommunitySeek, Ask, and Share in the Vacation Rentals Community
146179 Views 672 Replies Latest reply: Apr 11, 2014 4:05 PM by swmarketing RSS Go to original post 1 ... 11 12 13 14 15 ... 46 Previous Next
  • lrbaldwin Active Contributor 754 posts since
    Feb 16, 2011

    Maybe it's too late in the day for my brain to be functioning, but here's the way I see it.  Someone sends an inquiry and it gets stopped at H/V. H/V sends us an email notification of the inquiry.  We then have to log in to our dashboard.  Now, if our email has been hacked, at least the hacker can't get access to our dashboard unless he's also hacked H/V.  So it seems as if the communication would be safe for us to get the complete inquiry at that point. I don't understand the idea that it should be necessary for us to respond blindly to an inquiry before we even know if it's 26 18 year olds and 1 25 year old wanting to rent our 4 BR house for high school senior parties. And of course I've said before that I want my initial response to be by phone because that's the way I screen my applicants and let them get to know me.

     

    Now if the email hacker is skimming off our emails and removing them from our email server, then I suppose we won't even know about the inquiry.  That would not be good, but H/A can't control that.  But still, the notification email shouldn't do the hacker any good since he can't log in to our dashboard to see the inquirer's information.

     

    What am I missing here?

     

    Linda

  • anja Senior Contributor 1,555 posts since
    Aug 9, 2011

    Correct!   HA informed this aready in the initial notice they published.  I've been repeating this. Others  have repeated this.

  • anja Senior Contributor 1,555 posts since
    Aug 9, 2011

    This has been stated more than once, Amyg,  by me and  others here who did attend the Webinars and have been trying to shed some light on what was discussed ...because we've been asked to by people on this forum.  At first, I too "worried" but then I realized that I could work with this.  So, just wanted to be reassuring here, in my posts.  And...

     

    ....the main, important thing to understand is that the "new" thing is the  "login"....to retrieve the first inquiry...as HA stated from the beginning. You'll get each other's  full  contact information, in the process...the question is what detail and when {I'd like to know, as others, what "traveler" contact details will be included for the owners to see, in that very first,  initial inquiry?}  The discussion continues with Tom-HA//Security Manager. Attendees gave their feedback to the proposal....the "login" system is in development...discussion is ongoing.

     

    Regardless, what is "unsaid" in the HA notice.... but true...... you and your prospect can both decide, then and there, whether you want to move the conversation outside, by phone and email.

     

    For the purposes of clarity, again....that relates to the "inquiry/calendar" part of RM....which would be the mandated side of RM.   And..

    .  ....the other part of RM is the payment / insurance part....again optional as it always has been...and will remain so.

  • sodamo Contributor 260 posts since
    Nov 5, 2011

    So... trying to take a step back outside the box. and a few thoughts...

     

    As owners, we are victims of phishing - not the culprits.

    As owners, we are a known item to HA/VRBO, when they post our email address, phone # etc to their sites, it has been checked, if they had not gotten their money our info wouldn't get posted.

    As owners, we are to be trusted - HA/VRBO already does and by posting our info imply that we are.

     

    Phishing comes from outside the system, in the guise of travelers.

    Traveler info is not verified, implying not to be trusted.

    HA/VRBO could force a program where every traveler must register to pose an inquiry. Such registration would be invisible to the individual owner, but we would know that a registered traveler is now a trusted traveler.

    Of course this may raise an issue or two from the HA/VRBO standpoint. They would have to declare upfront what happens to traveler registration info, either nothing or it is being mined for HA/VRBO benefit.

     

    A verified, trusted, registered traveler is allowed to email any owner from within the HA/VRBO system without any owner involvement or filter with their email, phone# etc passed to the owner in the initial contact. As another poster suggested, ALL inquiry field must be populated with legitimate data (no blanks or phony numbers) to be passed by the system. A traveler working from within the system is confident of safeguards.

    If you believe an earlier posting: No Smoking = No Phishing = More Custmers.

    We will all be rich and happy (read with sarcasm)

     

    I guess my main point is phishing comes from the non owner (traveler) side of HA/VRBO. Efforts to "fix" should be directed to that side, be transparent, and require NO new action on the part of an owner.

     

    I can't help but wonder if HA/VRBO isn't trying make us look to be part of the problem (same light as the payment badge), even using us to get more info for their databases that we don't need (because we get it for our transaction legitimately anyway).

     

    David

  • wiffle Contributor 217 posts since
    Feb 23, 2011

    Phishing comes from outside the system, in the guise of travelers.

    Traveler info is not verified, implying not to be trusted.

    HA/VRBO could force a program where every traveler must register to pose an inquiry. Such registration would be invisible to the individual owner, but we would know that a registered traveler is now a trusted traveler.

    Of course this may raise an issue or two from the HA/VRBO standpoint. They would have to declare upfront what happens to traveler registration info, either nothing or it is being mined for HA/VRBO benefit.

     

    A verified, trusted, registered traveler is allowed to email any owner from within the HA/VRBO system without any owner involvement or filter with their email, phone# etc passed to the owner in the initial contact. As another poster suggested, ALL inquiry field must be populated with legitimate data (no blanks or phony numbers) to be passed by the system. A traveler working from within the system is confident of safeguards.

    If you believe an earlier posting: No Smoking = No Phishing = More Custmers.

    We will all be rich and happy (read with sarcasm)

     

    I guess my main point is phishing comes from the non owner (traveler) side of HA/VRBO. Efforts to "fix" should be directed to that side, be transparent, and require NO new action on the part of an owner.

     

    David,

     

    In my opinion, there is a fatal flaw in your post. You should never, ever rely on VRBO/HA to determine who is a trusted or verified traveler. There will always be a work-around for scammers, phishers and hackers to masquerade as legitimate customers.

     

    What can HA/VRBO do to verify anyone is who they say they are? No one should be more vigilant in verifying the identity of the customer than you, the one who stands to be out the money, or your possessions, or your identity even.

     

    I do believe that HA/VRBO wants to make us look to be part of the problem. If we answer inquiries through the HA/VRBO system, then we initiate taking our transaction private, which is our right as the business owners, we look (to the naive traveller) like we are stepping outside HA/VRBO's false security system.

     

    In short, we owners should be looking to OURSELVES to take care of our business. Not relying on a "big brother" of questionable ability and motive.

  • sodamo Contributor 260 posts since
    Nov 5, 2011

    Wiffle

    No argument here.

    The way I read some posters here, they see a HA/VRBO solution as a panacea and those of us who do question as "not getting it"

     

    I suspect that whatever system HA/VRBO implements will contain two disclaimers:

    One to limit any HA/VRBO liability, but worded to create the impression of security.

    Two to discredit any communication occurring directly between owner-traveler outside their system as being not as secure.

     

    David

  • info@stayattremblant.com Active Contributor 540 posts since
    Aug 25, 2011

    sodamo wrote:

     

    [...] Phishing comes from outside the system, in the guise of travelers.[...]

     

    Alas, this is not true.  There is no phishing without spoofing and, unfortunately, both owners and travellers can be spoofed.  In fact, I believe the very problem HA is trying to address can be read about here and here.  This is a case of owners being spoofed and a traveller being phished.

     

    I'd say that most of the fake traveller inquiries aren't phishing at all, they are scams/fraud.  An example would be guests trying to pay with fake  cheques and asking for a refund "for a sick mother" before the cheque has cleared.  If you've been on the internet for more than a millisecond or two, undoubtedly you've seen such things.

     

    When an owner is phished, generally the phisher is trying to gain information from the owner such that he/she can then turn around and spoof the owner's identity or listing with the intent of defrauding travellers.

     

    I generally agree with HomeAway's initial reply to phishing, with the exception of holding the second victim (the owner) financially responsible for the actions of criminals -- especially as long as they've done due dilligence of becoming educated and maintaining strong personal passwords and security.

     

    In summary, phishing does not only originate in the guise of travellers.

    P.

  • sodamo Contributor 260 posts since
    Nov 5, 2011

    DB

    I personally would have no problem having a HA/VRBO only email provided I can access it directly, not having to go to Dashboard or another part HA/VRBO to use it.

     

    David

  • info@stayattremblant.com Active Contributor 540 posts since
    Aug 25, 2011

    lrbaldwin wrote:

     

    Now, if our email has been hacked, at least the hacker can't get access to our dashboard unless he's also hacked H/V.

    [with the current system] A scammer simply click the "I forgot my password link" on HA and changes your password.  Access to dashboard granted!

     

    P.

  • sodamo Contributor 260 posts since
    Nov 5, 2011

    "In summary, phishing does not only originate in the guise of travellers"

     

    Not sure why I'd respond to an inquiry if I didn't believe it was from a traveller. A traveller inquiry is what I expect via HA/VRBO along with their marketing spam.

     

    Please note I did not say ONLY in my post, that is your qualification.

    David

  • lrbaldwin Active Contributor 754 posts since
    Feb 16, 2011

    How does he know your ID for H/V to begin with?  Oh, is that our email address?  I have forgotten.  OK, so we have an ID that isn't our email address.  Is that what you mean?

  • info@stayattremblant.com Active Contributor 540 posts since
    Aug 25, 2011

    Sorry sodamo, I totally don't understand your reply.  It seemed like you were trying to say that the phishing that HA is trying to address is originating from travellers.  I'm observing (and have supplied the references to support) that they are trying first and foremost trying to protect travellers from phishing originating from theives who have spoofed owners' profiles.

     

    P.

  • sodamo Contributor 260 posts since
    Nov 5, 2011

    This highlights an interesting point. Why not focus on making our (owners) HA/VRBO account more secure?

    Why isn't that a higher priority than traveller-owner communications?  If, indeed, security is the primary concern, how does that not work in that direction?

     

    I have a number of online financial accounts, my email is NOT the user name/password for any, some also require a PIN or other info in addition to my username/password. These are not new systems, been around awhile.

     

    David

  • info@stayattremblant.com Active Contributor 540 posts since
    Aug 25, 2011

    lrbaldwin wrote:

     

    How does he know your ID for H/V to begin with?  Oh, is that our email address?  I have forgotten.  OK, so we have an ID that isn't our email address.  Is that what you mean?

    No, no... you asked me how the phisher who had gained access to our e-mail account would be able to access our HomeAway dashboard, I was just letting you know how.

     

    Peter.

1 ... 11 12 13 14 15 ... 46 Previous Next

Not a member?

JOIN THE COMMUNITY

Register Now

Actions

More Like This

  • Retrieving data ...

Bookmarked By (1)