Imagine the shock of receiving a phone call from a vacationer you’ve never heard of who claims to have secured a week in your home – and they’ve already paid (someone else) for it! This scenario is happening more frequently due to a growing occurrence of online scamming called “phishing.” Read on to avoid getting “hooked” and becoming a victim.
What is “phishing?”
According to Wikipedia, “phishing” is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. In other words, criminals pretend to be well-known and trusted companies requesting personal and financial information through an email that they then use for illegal monetary gain. In the case of vacation rentals, the scammer can commit fraud in a couple of ways:
• either by acquiring information allowing them to gain control over a homeowner’s entire email account, thus enabling them to intercept rental inquiries and pose as the homeowner to divert funds to themselves, or
• by acquiring log in information to the homeowner’s online rental listing to divert email inquiries and have funds sent to themselves.
Afterwards, the vacationer would likely claim that, by email, they were promised a week in your property, usually at a massive discount, as long as they sent a money order (which, of course, has been directed to the scammer).
What a “phishing” email looks like
What to watch for
• Actual link address: Taking a closer look at the links in an email might indicate if the communication is from someone other than who they claim to be. Hover your mouse cursor over a link (but don’t click), and watch for a text area to appear above or beneath the cursor (see image below). This text area shows the real address the link would take you to if you clicked on it.
Notice how the real address shown in the rectangular text area with yellow background is different from what displays in the email. Other links may not be so obvious, but a good rule of thumb to go by is, if the two links don’t match, don’t click! Alternatively, in some browsers, the real web address of the link will appear in the extreme lower left corner of the active browser window.
• Alarms and threats: Similar to the example email above, criminals attempt to trick users into believing they must act now, or their security or reputation will be at risk.
• Spelling errors and bad grammar: These can be a telltale sign that an email is a scam, especially when coming from a large and reputable corporation that cares a great deal about their image.
Reporting a “phishing” scam
1. If your email account has been compromised, immediately change your password and contact your email service provider.
2. Some email providers will temporarily suspend your account. You would then need to set up a new email address and update your contact information on all online listing services and/or personal websites you use to advertise your vacation rental.
3. Forward the fake email you received to the company whose identity was stolen. In this case, Yahoo!Mail.
4. Lastly, contact your local authorities.
Try to resist the temptation to blame the company whose identity was stolen and cry poor security. In the end, as users of the Internet, the choice is ours and ours alone to follow links in emails and then submit personal information to the website we’re taken to.
Why is “phishing” so dangerous?
Although anyone can fall victim to “phishing,” vacation rental homeowners are particularly vulnerable as there are usually large sums of money involved and they do much of their business by email. This is why we always stress the importance of speaking directly with your vacationers by phone prior to your committing your home to them.
Despite the fact that it wasn’t you who promised the rental or the rate, and it wasn’t you who received the money if any was paid, it is you, the homeowner, who is ultimately legally responsible for ensuring that the vacationer recoups any losses, either with cash reimbursement or in the form of a future stay in your property for the same period promised. Unless the criminal is caught and it can be proven that someone else acted fraudulently in your place, the obligation is a consequence of your willingly (albeit unknowingly) providing the information a criminal would need to commit the fraud.
“Phishing” and Internet Fraud Resources
Anti-Phishing Working Group – http://education.apwg.org/
Federal Trade Commission – http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt127.shtm
Federal Bureau of Investigation – http://www.fbi.gov/scams-safety/fraud/internet_fraud
Ever been hooked by a phishing scam? Do you have any other suggestions?