Within the last couple of weeks, we have seen several cases where home owners have had their e-mail accounts hijacked by fraudsters.
It seems to hit users of Yahoo and GMail e-mail accounts.
They receive e-mails like this:
The VRBO e-mail looks very genuine, but in both cases the links points to an adresses on ComCast servers like this:
http:// home.comcast.net /~kratzfamily?login=doneSuccesswarrning9&us.mg5.mail.yahoo.com/neo/launch?.rand=cdpm5tab2p8q5 which redirects to another url on an ip address
http:// 83.244.220.233 /common/swf/login/yahoo/?login=doneSuccesswarrning9&us.mg5.mail.yahoo.com/neo/launch?.rand=cdpm5tab2p8q5
(we have contacted comcast and exponential-e.net and asked them to shut down these phishing pages)
UPDATE May 18th: The addresses mentioned above are shut down now, but other ComCast addresses and ip adresses are still running. Please let us know if you have examples of other phishing sites.
The above page shows a fake Yahoo login page that looks exactly like the real Yahoo login page, but instead it is designed to steal the login details.
The fraudsters will now receive all booking enquiries sent to this owner and start to communicate with travellers who think they are e-mailing with a genuine home owner.
In several cases, this has lead to loss of money where holiday makers have transfered (often large) amounts to fake home owners and only found out that it was scam when it was too late.
This puts both the home owners, holiday makers and also businesses like ours in a very bad situation. The holiday makers are of course very angry, because they have lost money and that anger is often targeted at the home owner. The home owner has lost a possible booking and have indirectly caused the loss of money for a holiday maker. And we, as holiday rentals business, have often delivered the enquiry to the hijacked mail box getting us involved too where we have to spend a lot of ressources on it. And it is very harmful for the industry.
We take this situation very seriously and will work together within the industry to fight this kind of fraud. Even though we are competitors, none of us would like to see the industry get a bad reputation and therefore we will do all we can to fight this kind of crime. Among other initiatives, we support the "Prevention Of Fraud in Travel" initiative.
What can I do as a home owner?
First of all, don't trust any e-mails. Be very careful if you get an e-mail that sends you to a page where you have to type your username and password.
Look at the address bar in the browser to make sure that it is the correct site your are at and that it is SSL encryptet. Click on the padlock icon to verify that it is the correct website. Never use your username and password on a webpage that is not secure (the padlock icon in the browser). Click here to open our login page to see how it looks in your browser.
Second, if you use Yahoo or GMail, you should activate Two Factor authentication which makes it harder for a fraudster to login even if he has your username and password.
Re more here if you use Yahoo mail, or here if you use GMail.
Third check the login activity on your mail account. Google and Yahoo both make it possible to see the recent account activity, so you can make sure if anybody else have logged in on your account.
What can I do as a Travel Maker
Businesses like Campaya do a lot of security checks on our advertisers, but we cannot control what happens with their e-mail afterwards.
It is therefore important that you always confirm that it is the right person you are sending the money to, before you make the transfer.
Check that the e-mail address is the same in all the correspondence, from the first confirmation from us to the last e-mail from the home owner regarding the transfer.
Call the home owner on the phone number mentioned on our site and enquiry confirmation. If another phone number is given to you in the correspondence, you should be careful.
If possible, pay by credit card (for instance through PayPal), instead of making a bank transfer. It makes it easier to get the money back in case of a problem.