Identifying text message scams

    Phishing is a common form of online identity theft, and it occurs when a criminal is able to capture your email password and access your online account.  You may be familiar with the most common kind of phishing: e-mail.  It is important to know a phish doesn't always take the form of an email. Phishers want to trick you, and another new method is text messages. Phishers are creative and always changing their approach trying to catch you off your guard.

     

    text scam.png


    How to identify a text message phishing scam

    At first glance, this text message appears to be from HomeAway. However, there are several red flags that alert you to the scam.

    • It demonstrates a poor grasp of spelling, grammar, capitalization, and punctuation.
    • We will never ask you to log in to your account from a text message. You will only receive a text message from us if you have elected to receive inquiry notifications via SMS.
    • The phishing website address starts with "http:" not "https:". The "s" on the end of http means the website is secure. Secure login sites often highlight the URL in green in your browser window. If there is no "s", you are logging into an unsecured website.  Pictured below is the secure owner login URL in popular browsers.

     

    community text scam 2.jpg

     

    How to handle phishing scams

    • Don't click the link. If you ever receive a suspicious email or text asking you to log in. Open a new browser window or tab, and log in directly from the HomeAway website.
    • Be aware of the website you’re logging into. A bad guy can create a website that looks almost exactly the same as the legitimate one. So how can you tell what’s legitimate? The website’s address in your browser is your biggest indicator.
    • Context is key. We will always attempt to contact you via phone if there is a security issue with your account. We will never ask for you to verify your login credentials unless we are speaking to you on the phone.  Links in emails should never be clicked unless it is an expected email like a password reset you specifically requested.
    • Forward suspected phishing emails targeting your HomeAway.com, VRBO.com or VacationRentals.com account to our automated processing system by forwarding the email to spoof@homeaway.com  

     

    If you believe your HomeAway.com or VRBO.com (or any HomeAway Family of Brands) account has been compromised, please contact our Customer Support team.