Phishing - scam emails

 
Owner advice
   
Property services
   
 
Owner advice > Managing rentals > Phishing - scam emails

Phishing - scam emails

Phishing is the practice of sending out emails that appear to be from a trustworthy company in order to acquire sensitive information for fraudulent purposes.

The aim is to get hold of passwords, personal details or credit card details by posing as trusted companies. Most commonly these are emails that are supposedly from banks, social networking sites such as Facebook and online auction sites like eBay.

How does it affect my holiday home business and my guests?

You should never underestimate how valuable genuine booking enquiries are to someone attempting to run a scam. Instances of people trying to gain access to this information are increasing, so it is extremely important to be vigilant.

If someone manages to gain access to your advertising account or any email accounts they will be able to access your enquiries – they will then be able to use this information to take payments from potential holidaymakers whilst posing as the legitimate owner of the holiday home.

How to spot a phishing email

Phishing emails will usually ask you to update or verify some aspect of your account information. You will be asked to click on a link which will take you to a bogus website, which will often be a very convincing copy of the legitimate site of the company in question. Obviously, not all emails of this type are scams, but there are certain things you should keep an eye out for when receiving such an email:

  • Email address: the sender’s email address will not tally with the website address of the trusted organisation. It may well be sent from a completely different address, often a free web mail address

  • Generic greeting: instead of using your proper name, or the name registered on your account, a non-specific greeting like ‘dear customer’ is often used

  • Sense of urgency: the email may urge you to take action as soon as possible – for example it might include a threat that your account may be suspended or closed if you don’t act immediately

  • Prominent website link: these can either be forged or appear to be very similar to the proper address, but beware – even one different character means a different website

  • Request for personal information: such as a user name, password or bank details

  • Errors: the email may contain a series of spelling and grammatical errors

Emails from holidaylettings.co.uk

If you receive any emails from us that appear suspicious to you, please contact us to confirm whether or not it is genuine.

Also be aware that we will never ask you to log in to any other site than holidaylettings.co.uk in order to change your advert or personal details. The only page from which you should log in is www.holidaylettings.co.uk/logon_register.aspx. This is the only place we will ever ask you for your password and will never request it by email.

We will never request payment anywhere other than on www.holidaylettings.co.uk. All payments will be confirmed by email to the address you specify.

Some email providers such as Google have an additional security measure in place called '2-Step verification'. Once set up, if you were to access your email account from an unknown device, you would be sent a pin code via text message which you would need to log in. This means that should a hacker try to access your account, you would be sent the pin code alerting you to this and it should prevent any unauthorised access. However, this is a preventative measure and if your account has already been compromised this will not ensure your account's safety. If you log into your email account and check the 'help' section, you can find out if your email provider has this service.

How to tell if a website isn’t genuine

When visiting a site, you should always check the URL (website address) in the address bar at the top of the page. A common phishing technique is slightly misspelling the domain name so you should check that the website name has the correct spelling.

Be aware of any text tagged on after the main site name and before the .co.uk/.com. For example, a bogus website could be something like http://www.holidaylettings.worldwide.co.uk

If you are worried about phishing more generally, you can download a free, third party service that will tell you if it has found any security risks or problems for the site you are using.