They already have something like this, its just a little obscure and its kind of hard to find.
On VRBO you can set up a secondary e-mail address to receive inquiries. Go to edit on your VRBO and then go to the contacts tab. I think it would be pretty hard for scammers to get both emails. For me I use my wife's e-mail for the secondary. She checks with me if she sees an inquiry.
On HA they have a text message alert. Under listing editor, contacts, you can add text alerts to your cell phone. My cell gets an alert when an inquiry comes in.
This would protect you from a e-mail hijacker but probably not from a keylogger attack. We do need more information...
I know, I was the one that reminded everyone they can use 2 email addresses in another thread. The mussing I stated above forces everyone to use Method #2 unless they indicated 2 email addresses. At least with the above system, it creates multiple layers of security making it difficult for scammers to penetrate.
To those who are not aware of recent phishing scams that has been appearing in the last couple of months, here is the gist of the scam. I’ve been racking my brains lately for ideas on what HomeAway might do to counter this type of scam, hence this “mussing....” thread for anyone to make their suggestions. If you have any of your own, say it here. Maybe they will listen.
These attacks are specifically targeting Owners (or Property Managers) with ads at VRBO/HomeAway in particular (but can really be any) using known free web base email accounts (i.e. Gmail, Yahoo! Mail, Hotmail and Windows Live email addresses). What is happening is the bad guy is sending Owners an inquiry generated from the VRBO/HomeAway Owner’s webpage listing to learn the Owner’s email address. Once the bad guys has the Owner’s email address, he sends a fake email inquiry (not generated at the Owner’s website) directly this time to the Owner that includes a VRBO/HomeAway in the subject line and looking like a normal or official inquiry. The email includes a link to “View Message”, and when clicked, the Owner is sent to a page telling him that his email session has ended and that he needs to log back in and presents him with a login page (a fake one) that looks almost identical to an official login of the Owner’s email provider to trick the Owner to login, thereby capturing (phishing) the username and password. They could then login to the Owner’s email account and create filters to redirect any VRBO/HomeAway Inquiries to the bad guy’s account so that it never shows up in the Owner’s inbox... at which point they start corresponding with the travelers that sent Inquiries, convincing them they are the Owner and giving travelers a discount and instructions on where to send the money (always via wiretransfer, their modus operandi) for their stay – all via email. The Real Owner is unaware this is happening, unless and until the Traveler has been duped in sending the money and calls the Owner.
Perhaps a simple way...
Potential renter sends inquiry through VRBO
That triggers email alert from VRBO owner using email or text to owners choice of address on file.
Owner logs in to VRBO to retrieve inquiry using either account password or perhaps an inquiry only password.
Owner chooses to respond directly or through reservation manager.
Set up property the time difference should be in just minutes at most.
Owner still has total control and chooses what level of info goes through VRBO after completing initial contact.
Here is a foolproof Inquiry system I had just thought of.
Traveler sends an inquiry through VRBO/HomeAway website like normal.
Owner receives the Email Inquiry from VRBO/HomeAway with all the information in it except the Traveler’s email address is anonymized (cryptic) to prevent the Owner (or receiver) from directly responding to the Inquirer (Traveler) in this initial email inquiry.
When Owner hits “reply” (from his email program), compose his reply and sends it, it is channelled through VRBO/HomeAway (because of the anonymized email address) and the following security measures are performed to authenticate the validity of the Owner before it is sent to the Inquirer (done by a computer at the VRBO side).
The extended header information of the Owner is checked (by VRBO's computer) to confirm the following matches, before email is sent to the Inquirer (Traveler):
- The sender’s (owner) email address matches what’s on record,
- The IP address of the sender points to the City where Owner lives, and if it doesn’t (Owner may be travelling), the email bounces back to the sender informing him to login to the website to answer a security question before the email is sent to the Inquirer (Traveler).
Subsequent email communications after the above initial ones goes directly to Traveler/Owner.
With the above procedure, it is virtually foolproof.