I am going to put on my ad to please call as well as email to be sure there is no phishing going on from my account. I suspect my account may have been hacked according to the email that I recieved from HomeAway saying that you will recieve a message saying that your session has logged out.I recieved the message one day, but I dont remember if I logged out of the page or just logged back on through the message.
I have updated my Payment Methods to say the following:
PAYMENT METHODS: PayPal, Credit Cards, Interac Email Money Transfer; by prior arrangement Bank Draft, Money Order, Personal Cheque; Wire Transfer (Prospective Renters must first call Owner using telephone number listed in this website if using Wire Transfer).
All victimized Prospective Renters of Vacation Rental frauds were convinced by fake Owners to send payment via Wire Transfer. No other payment methods were used other than Wire Transfer. Owners can protect themselves by specifying in their ad either one of two things:
1. "We do not accept Wire Transfer"
2. "Prospective Renters must first call Owner using telephone number listed in this website if using Wire Transfer.
That ought to put a STOP to a Scammer in victimizing Owners and Prospective Renters. Start being Pro-active since VRBO/HomeAway is not doing nearly enough to arrest this problem that has gone on too long.
I, too, received an email this morning from a renter who had confirmed he wanted our place only to receive numerous replies/rental agreements from listings (bogus?) he had not contacted. Obviously VRBO has not taken appropriate action to secure their website. I have to wonder how many more potential rental inquiries have been intercepted by these scammers. What are you going to do about it VRBO?
You know, I've now received two e-mails re: scams, phishing etc from HA/VRBO. The gist of them is that "our" systems have been hacked....not theirs. I have been reading all the posts on this subject as well. Do you all remember the recent requirement from VRBO that our passwords to log into our owner's account/dashboard were automatically changed? It makes me wonder that if the scammers can hack into our e-mail systems, can't they hack into our dashboards as well? I know there are security questions, but I really don't have a lot of confidence in what HA/VRBO is doing to protect our investments. I think I'd rather come up with my own password than the required one that VRBO gave to me. I think it's HA/VRBO who has made it too easy to hack our e-mails....
I had to register and chime in here because it's happening to us (as renters) RIGHT NOW! We had sent an inquiry thorugh VRBO for a cabin, and heard back from the owners. But we also heard from Alegria Rentals (?) and within their reply was a copied screen shot with hot links of my VRBO request. It all looked legitimate.
Assuming I was communicating with legitimate rental company that represented the owners, they were offering me a cheaper price that then owners said they would agree to. They were also throwing in maid service, but they were ONLY taking wire transfers. And they never answered my questions properly (check in time is 1AM?).
My husband said it sounded fishy, so I poked around the original email from Alegria Rentals, and sure enough all the hot links took me to the Owner Log In page. It's as if they had hacked the owner's account, cut & paste my inquiry request, and included that in the bottom of their email to me.
I have contacted the owners to verify that Alegria Rentals has nothing to do with them (Colorado is where the cabin is), and I don't know what else needs to be done through VRBO.
But it is VERY disturbing, as a potential first time renter, that I can so easily be scammed. We have only done hotel stays in the past, and I'm sure my husband is very leery of doing this now. Any suggestions on how to continue? We obviously haven't and won't send any money, but I'd love for these jack a**es to be caught!
Every listing at HomeAway has the following note, “Call to verify your reservation and payment details before you pay” where the Owner’s phone number is shown. VRBO don’t have a similar warning, although the Owner’s telephone number is prominently listed there. That is really the only sure way you can tell that you are dealing with the Owner, unless you know the IP address of the Owner so you can check the Onwer's email extended header info. If a listing does not have a telephone number, you can choose to move on to another listing.
I have added the following warning in my own VRBO/HomeAway listing as an added security measure to protect my potential guests. After all, 90% of my guests communicated with me via email, so this warning is for their peace of mind and assurance that they are communciating with the Owner, and not a scammer that has phished the Owner's account.
For the protection of our guests, Owner has a very strong anti-spam & phishing protection in securing email communications. In addition, we provide you with the opportunity to check the extended header of owner’s incoming email so you can be sure the email you received came from the Owner. Owner’s email extended header should have: “X-Originating-IP: [22.214.171.124]”. Google “how to check IP address in an email” for more info.
Note: I have started a thread about this warning at http://community.homeaway.com/message/16957#16957
To all homeowners,
I personally take this subject very seriously,
For the record, never click on 'session timed out' or any such 'error' messages when trying to see an inquiry, re-login using your regular favorites link or however you usually login. If you don't see the inquiry on your dashboard you may have been (unsuccessfully) attacked.
The following info has been on the forum before but it is worth repeating. To insure that you receive notification of inquiries (in case your e-mail has been hacked):
HomeAway: Set up text alert for inquiries. Go to your dashboard, edit listing , contacts, SMS (text messages) to your cell phone. If you get a text but no e-mail, you may have been hacked.
VRBO: On VRBO you can set up a second e-mail to receive inquiries. Set it up on a spouse or partner's e-mail (or even a friend) (ie. separate computer)l. If the secondary e-mail receives an inquiry (but not the primary) you may have been hacked.
Sorry but I don't know about other HA owned sites.
In either case contact the inquirer and warn them and contact HA for more help.
The scammers are not hacking into ads. They are somehow gaining access to the advertisers' personal email accounts and intercepting the inquiries that are forwarded to their email account. So the point of compromise is in the individuals' email accounts, which they are responsible for keeping secure.
Always, ALWAYS call the number on the listing of the property you are booking prior to submitting payment to confirm booking details and payment arrangements. Even an international call is cheaper than possibly lossing thousands of dollars. Why anyone would be so trusting is beyond me in this day and age.
There is a wealth of information in their Security Ceter: http://www.homeaway.com/info/security?Travelers