In a story from the washington post, entitled ‘Vacation rental phishing scams are a familiar, frustrating story’ it once again appears that the holiday rental industry still has some bugs to iron out.
This ‘phising’ type of scam is so called as the scammer uses bait to gain access to a persons email address an password, usually by emailing them a link and saying something like ‘Wow this is mad awesome I suggest you check it out!’
The recipient, eager to view the clearly thrilling content of the link, clicks on it – but wait, for some odd reason they need to log back into their hotmail/gmail/facebook etc. before the link works.. so they do. – But in reality what has just happened is they typed their log in information on a site that looks like hotmail/gmail/facebook – a ploy made by the scammer to get them to type their password on a site they control. The scammer now has access to their email!
The scammers can then impersonate the home owner, by intercepting their emails and responding. This means a genuine customer is paying for a genuine property using the correct correspondance address, but the payment will go to the scam artist who is the one who provides the payment details…
It’s not clear how the scams occur to most people, so many will point the finger to the holday rental site. The matter is infact out of their control.
Modern email systems such as Google and Facebook help you protect yourself against scammers who have your password, by using a double login, where the password is needed but so is a unique code sent to your phone which only ever works once. This way you need the password and the phone – much more secure.
If somebody does access your account, gmail also will usually notice and warn you to change your password. You should also check that you inbound mail has not been set to copy to somebody elses mailbox (all they need is one time access to your email after which they can pretend to be you without ever having to log in again!)
The best most effective way though, to avoid causing this kind of scam, ir never to click a suspicious link, and look out for bogus ‘log in’ sites.
And, when paying somebody, confirm their identity, perhaps by ringing the number listed on their advert.
Stay safe and scam free!
