**Join the Phishing and Scams Report group on Community to receive email alerts every time we post information on a vacation rental scam.
We've been receiving a lot of questions about scams and phishing and would like to make sure everyone understands that these scammers prey on businesses that have access to financial and personal data. Bad guys want into email accounts for whatever personal and financial info they can get - in the vacation rental industry, it's access to travelers that send large amounts of money to owners. Because of this, phishing (or identity theft) efforts give them an entry point.
How does an account get phished?
To be clear, HomeAway’s sites have not been hacked. What is happening is a bad guy is sending you an inquiry to learn your email address. Once the bad guy has your email, he contacts you directly in the form of an identify theft, or “phishing” scam, usually using a fake Gmail or Yahoo login page. Then the bad guy tries to trick you into revealing your username and password of your email provider, at which point, they start corresponding with the traveler, convincing them they are the owner and giving the traveler instructions on where to send the money for their stay – all via email.
Why does it seem to be targeting Vacation Rental Owners?
They aren’t - the bad guys are targeting all online companies. However, the bad guys are looking for new targets and vacations are large ticket items.
How can you protect yourself?
1. If you’re using Gmail, we recommend using the 2-factor authentication which Gmail rolled out a few months ago. This will drastically thwart the bad guys in the event an owner succumbs to a scam.
2. Check your email account for filters that you didn’t create – these can redirect emails from your email account to a bad guy’s account and never show up in your inbox. You can send yourself an email from another account and see if it shows up in your inbox. Doing this periodically will tell you if a bad guy has taken over your email and set up redirect filters.
3. Be cognizant of where they are “authenticating” on the Internet. Authentication is anywhere you enter your user name and a password. Owners need to make sure they are not giving away their login information to a criminal.
4. Respond quickly to phone calls because travelers are trying to validate your payment methods.
5. We also recommend that you are vigilant with your potential guests. For example, if a guest wants to send you a check for more than you agreed upon, and want you to give them the difference back in cash, that should set off warning bells.
Other areas you are responsible for:
• Keep your systems patched and up to date with the latest anti-virus definitions
• Don't let other people use your owner account login and password
• Don't stay logged into your account from a public computer
• Logoff the site when you are finished
• Keep ALL passwords and login information secret.
• Have a different password for your email and HomeAway accounts.
• Notify HomeAway customer support if ANY of your email or even Facebook accounts have been compromised - our Customer Support team will walk you through getting secure again.
What can travelers do to protect themselves?
As we've been instructing people in our recent email warnings, the best protection you have is a phone call. Owners, talk to your guests. Travelers, talk to the owner BEFORE sending any money.
We've found best way for travelers to avoid a scam is to Call Before You Pay- call the number for the owner provided on the HomeAway.com or VRBO.com listing. If there is no number, call our Customer Support and they will give it to you.
How does HomeAway/VRBO help travelers who have been scammed?
We have an entire team whose sole purpose is to locate and shut down bad guys as quickly as possible. We also know that identity theft happens, even with the security measures we take to secure our site, so we've taken the additional step to provide access to protection for travelers, just in case they do become a victim of a phishing scam - our Carefree Rental Guarantee. Details here.
Identity theft is unfortunately a reality of internet life, but please know that we are doing what we can to protect both owners and travelers. Educate yourselves, your friends, your neighbors, your kids and your guests. And don't be afraid to call!