Phishing - Don't Get Hooked

    phishing-scammer.jpg

    If you’ve familiarized yourself with our emails or Community forums, you’ve most likely already heard about phishing. We can’t say it too many times – LEARN IT AND LIVE IT: PROTECT YOURSELF FROM PHISHING! Learn the basics and view screenshots of actual phishing attempts below. Here's some more information.

     


    Learn the Basics


    What is phishing?
    Phishing is a serious threat to YOU and the entire vacation rental industry! It occurs when an owner or property manager mistakenly gives a criminal their email password, ultimately losing control of their email account and their online identity. Once the criminal, also known as a “phisher,” has control of the email account, they can impersonate the owner or property manager, describing the property and ultimately attempting to convince a legitimate traveler to pay real money for a fake reservation.


    How do phishers get an owner or property manager’s email address?

    Phishers typically send bogus inquiries using HomeAway sites (see below for screenshots from multiple recent phishing emails). While we have sophisticated trust and security technology, which can stop spammers and block known phishers, some bogus inquiries are indistinguishable from legitimate inquiries. When trusting owners or property managers respond to these criminals, they are revealing their email address. Learn more in the Discovery Hub.

    What are the early warning signs that an owner or manager’s email account has been phished?
    There are a few common signs that might indicate that an email account has been phished:
    - The email account has been accessed from a different machine or location.
    - New folders or filters are set up in the email account.
    - Your email account stops receiving inquiries from HomeAway.
    - There are inquiries in your dashboard that don’t appear in your email account.


    Prevent It From Happening to You


    How do I prevent phishing?

    -  Only enter your email username and password after verifying that you are on the website of your email provider. Check the URL. If you want to respond to a request that came via email, open a new browser window and go to your email provider’s website to sign in (i.e. if you use Gmail, go to Gmail.com to sign in, instead of going to Gmail via a link).
    - Only change email information after initiating a session with your email provider. NEVER click a link to update your account info or change your password from an email!
    - Cross check your inquiries on your HomeAway dashboard and your email. If you’re missing emails for inquiries, a phisher might’ve accessed your account and set up a filter to divert the inquiry emails.
    - Set up two-part authentication with your email provider.


    How do I spot a phishing email?
    - The email appears to be from HomeAway, Inc. but asks you to download software. We do not offer software via email to our customers.
    - The email appears to be from HomeAway. Inc. and asks you to click a link to change a password, authenticate your account, or verify your email address.
    - When viewing inquiries via your email, be sure they’re coming from HomeAway. Even if the “From:” field shows our email address, you can hover over it to view the full From email address. It should only come from a "@messages.homeaway.com" email address.
    - See other examples below.

    How else can I protect myself and my travelers from phishing?
    - Use ReservationManager to accept online payments. Accepting reservations via ReservationManager with credit card or eCheck (for U.S. residents) is the most secure way to process a booking on our sites. When the owner or property manager sends an email invoice via ReservationManager, travelers are able to make immediate and secure payments by Visa, MasterCard and Discover credit cards or an eCheck. When travelers pay with ReservationManager, their payment is protected by our Book with Confidence Guarantee.
    - HomeAway’s security measures have made it virtually impossible for phishers to change the phone number on an owner or property manager’s account. Keeping all communications in your owner dashboard will help ensure the safety of your personal information and that of the traveler.


    See It With Your Own Eyes!


    Where can I see examples of phishing emails?

    Here are some screenshots of recent phishing emails. NOTE THAT NONE OF THESE WERE ACTUALLY SENT FROM HOMEAWAY, INC.!

     

    phish email screenshot 4Feb12.JPG

    Request_to_Change_Password_Phishing_Scam_9Jan13.png

    Screen shot 2013-01-17 at 9.41.10 AM.png

    2012_07_02_Direct_Phishing_Attack.png

    Screen shot 2013-01-17 at 9.39.10 AM.png

    Account_Inactivity_Phishing_Notice_7Jan13.png

    PhishingEmail.png

    Rentals_Disabled_Phishing_Attack_28-Nov-12.png


    *Last Updated April 11, 2018