Phising from Home

Bed & Breakfast / Short Term Rental Host Forum

Help Support Bed & Breakfast / Short Term Rental Host Forum:

This site may earn a commission from merchant affiliate links, including eBay, Amazon, and others.

Breakfast Diva

Well-known member
Joined
May 27, 2009
Messages
5,911
Reaction score
29
Here's an interesting article about H om e A wa y and scams. Remember, they are the parent company of b&b dot com.
[swirt - moved this from chat vent cry --> spams and scams]
 
The bigger they get, the easier it is to say - Not my problemo. They make the little guy take the fall while they collect from both ends. Are they making the rental company pay them a commission on the losses they are making the rental company compensate?
 
The article does not seem to be fully forthcoming. The phishing scam isn't happening ON the home away site. It actually has liitle to do with homeaway other than that is how the people got connected to the rental's email address and ultimately the scammer.
It did not say that the scammer got a hold of the homeaway site login, it said the scammer got a hold of the rental owner's email login. It didn't get that from the homeaway site, it got that from the rental owner falling for a phishing scam or getting hacked due to a wimpy password.
So after the rental owner got phished/hacked, did the owner do any of the following to mitigate the problem?
  • Change their email info on the homeaway site to a non compromised email account?
  • Change their email info on every other Rental directory they use to a non-compromised email account?
  • Publish a notice on their own sites or any others that their email had been compromised between the dates of ABC to DEF and that anyone that had contact with them between those dates should use this new address to contact the owner.
If the rental owner did not do all of these things, then the owner did not do enough to mitigate their damages and in my opinion should be on the hook for compensating travelers.
In the above situation, it was through no lax in security of homeaway or the traveler that lead to the travelers' loss. The rental owner got duped by phishing or had some simple password on their email so it just got hacked and lost control of their email account. The onus should be on the rental owner. Security at this level has to be in the hands of the rental owner... you want to do business, you got to be safe and do your homework.
If anything, this should be a good lesson... if your email address that you use for your business has some wimpy password on it, you are putting your proffits and your customers at risk. If you are gullible to phishing schemes, you are putting your profits and your customers at risk.
 
Seriously... this isn't HA's fault at all, this is the owner's fault AND the renter's fault. Yes, both of them. It's so damn easy to blame HA, but let's be realistic, what did they do to ensure that the transaction was safe? They "wired" the money. Does that sound safe to you? It doesn't to me. But why is it the job of HA to check the facts? Their job is simply to sell ad space on their website. Not to mention that they also offer an insurance policy that would have covered the loss for $59 and it specifically mentions covering... "You are the victim of Internet fraud, including phishing"
I've had a few guests show up who tell me their tale of woe. Usually it's from NYC, but I have heard a few from people who have been ripped off on a vacation rental only to show up and find out that the address doesn't exist and the telephone number was a disposible mobile phone.
Okay, maybe I have been a proponent of the idea that mobile phones should have their own area codes, like in Europe, but let's be serious, there are ways to send money that are safer... and if someone is asking for 100% of the money up front in a method that has no draw-back security, your red flag should come up. A credit card should be the first thing that comes to mind and maybe paypal. A deposit and not a full payment. Checking the address on Google Maps. Reviews from several sources. Licences. Etc.
 
:: burp :: (double post.. is this because I use Chrome?)
 
Seriously... this isn't HA's fault at all, this is the owner's fault AND the renter's fault. Yes, both of them. It's so damn easy to blame HA, but let's be realistic, what did they do to ensure that the transaction was safe? They "wired" the money. Does that sound safe to you? It doesn't to me. But why is it the job of HA to check the facts? Their job is simply to sell ad space on their website. Not to mention that they also offer an insurance policy that would have covered the loss for $59 and it specifically mentions covering... "You are the victim of Internet fraud, including phishing"
I've had a few guests show up who tell me their tale of woe. Usually it's from NYC, but I have heard a few from people who have been ripped off on a vacation rental only to show up and find out that the address doesn't exist and the telephone number was a disposible mobile phone.
Okay, maybe I have been a proponent of the idea that mobile phones should have their own area codes, like in Europe, but let's be serious, there are ways to send money that are safer... and if someone is asking for 100% of the money up front in a method that has no draw-back security, your red flag should come up. A credit card should be the first thing that comes to mind and maybe paypal. A deposit and not a full payment. Checking the address on Google Maps. Reviews from several sources. Licences. Etc..
Don't see at all why the rental person who was in effect scammed also should pay them compensation. Is this a weird US thing? as no UK company would pay it.
 
The article does not seem to be fully forthcoming. The phishing scam isn't happening ON the home away site. It actually has liitle to do with homeaway other than that is how the people got connected to the rental's email address and ultimately the scammer.
It did not say that the scammer got a hold of the homeaway site login, it said the scammer got a hold of the rental owner's email login. It didn't get that from the homeaway site, it got that from the rental owner falling for a phishing scam or getting hacked due to a wimpy password.
So after the rental owner got phished/hacked, did the owner do any of the following to mitigate the problem?
  • Change their email info on the homeaway site to a non compromised email account?
  • Change their email info on every other Rental directory they use to a non-compromised email account?
  • Publish a notice on their own sites or any others that their email had been compromised between the dates of ABC to DEF and that anyone that had contact with them between those dates should use this new address to contact the owner.
If the rental owner did not do all of these things, then the owner did not do enough to mitigate their damages and in my opinion should be on the hook for compensating travelers.
In the above situation, it was through no lax in security of homeaway or the traveler that lead to the travelers' loss. The rental owner got duped by phishing or had some simple password on their email so it just got hacked and lost control of their email account. The onus should be on the rental owner. Security at this level has to be in the hands of the rental owner... you want to do business, you got to be safe and do your homework.
If anything, this should be a good lesson... if your email address that you use for your business has some wimpy password on it, you are putting your proffits and your customers at risk. If you are gullible to phishing schemes, you are putting your profits and your customers at risk..
Thanks, Swirt. I will insert foot back into mouth. You are correct as usual King Friday. (Funning aside, you are right.)
 
The article does not seem to be fully forthcoming. The phishing scam isn't happening ON the home away site. It actually has liitle to do with homeaway other than that is how the people got connected to the rental's email address and ultimately the scammer.
It did not say that the scammer got a hold of the homeaway site login, it said the scammer got a hold of the rental owner's email login. It didn't get that from the homeaway site, it got that from the rental owner falling for a phishing scam or getting hacked due to a wimpy password.
So after the rental owner got phished/hacked, did the owner do any of the following to mitigate the problem?
  • Change their email info on the homeaway site to a non compromised email account?
  • Change their email info on every other Rental directory they use to a non-compromised email account?
  • Publish a notice on their own sites or any others that their email had been compromised between the dates of ABC to DEF and that anyone that had contact with them between those dates should use this new address to contact the owner.
If the rental owner did not do all of these things, then the owner did not do enough to mitigate their damages and in my opinion should be on the hook for compensating travelers.
In the above situation, it was through no lax in security of homeaway or the traveler that lead to the travelers' loss. The rental owner got duped by phishing or had some simple password on their email so it just got hacked and lost control of their email account. The onus should be on the rental owner. Security at this level has to be in the hands of the rental owner... you want to do business, you got to be safe and do your homework.
If anything, this should be a good lesson... if your email address that you use for your business has some wimpy password on it, you are putting your proffits and your customers at risk. If you are gullible to phishing schemes, you are putting your profits and your customers at risk..
It's certainly not clear when reading the article that the phishers have accessed the info from the owners, not the site. I do agree that each owner needs to be responsible for how they deal with scams and wire transfers. On the other hand, if HA knew that these owners and renters are being targeted from the info on HA, they should have bold disclaimers on the site to make users aware of the problem. Craigs list does it pretty effectively. At that point, if someone falls into the trap, it's because of their own stupidity.
 
Back
Top