Phishing scams

Our top picks

Holiday Cottages
11290 Properties

Villas in Spain
8759 Properties

Villas in Tenerife
792 Properties

Gites in France
5962 Properties

Holiday Cottages in Cornwall
2303 Properties

London Holiday Apartments
590 Properties

Florida Villas
748 Properties

Villas in Ibiza
212 Properties

Villas in Portugal
3200 Properties

Villas in Turkey
1975 Properties

Villas in Malta
316 Properties

Lake District Cottages
602 Properties

Villas in Mallorca
835 Properties

Villas in Greece
1142 Properties

Villas in Cyprus
2485 Properties

Holiday Cottages Scotland
1286 Properties

Cottages in Wales
1626 Properties

Villas in Lanzarote
690 Properties

Cottages in Ireland
1188 Properties

Holiday Apartments New York
153 Properties

 
Owner advice
   
Property services
   
 
Owner advice > Managing rentals > Phishing scams

Phishing scams

Phishing is the practice of sending out emails that appear to be from a trustworthy company in order to acquire sensitive information for fraudulent purposes.

The aim is to get hold of passwords, personal details or credit card details by posing as trusted companies. Most commonly these are emails that are supposedly from banks, social networking sites such as Facebook and online auction sites like eBay.

How does it affect my holiday home business and my guests?

You should never underestimate how valuable genuine booking enquiries are to someone attempting to run a scam. Instances of people trying to gain access to this information are increasing, so it is extremely important to be vigilant.

If someone manages to gain access to your advertising account or any email accounts they will be able to access your enquiries – they will then be able to use this information to take payments from potential holidaymakers whilst posing as the legitimate owner of the holiday home.

How to spot a phishing email

Phishing emails will usually ask you to update or verify some aspect of your account information. You will be asked to click on a link which will take you to a bogus website, which will often be a very convincing copy of the legitimate one of the company in question. Obviously, not all emails of this type are scams, but there are certain things you should keep an eye out for when receiving such an email:

  • Email address: the sender’s email address will not tally with the website address of the trusted organisation. It may well be sent from a completely different address, often a free web mail address

  • Generic greeting: instead of using your proper name, or the name registered on your account, a non-specific greeting like ‘dear customer’ is often used

  • Sense of urgency: the email may urge you to take action as soon as possible – for example a threat that your account may be suspended or closed if you don’t act immediately

  • Prominent website link: these can either be forged or appear to be very similar to the proper address, but beware – even one different character means a different website

  • Request for personal information: such as a user name, password or bank details

  • Errors: the email may contain a series of spelling and grammatical errors

Emails from holidaylettings.co.uk

If you receive any emails from us that appear suspicious to you, please contact us to confirm whether or not it is genuine.

Also be aware that we will never ask you to log in to any other site than holidaylettings.co.uk in order to change your advert or personal details. You should only ever be logging in from a secure link (either a domain name beginning https or with a padlock icon by the web address). This is the only place we will ever ask you for your password and will never request it by email.

We will never request payment anywhere other than on www.holidaylettings.co.uk. All payments will be confirmed by email to the address you specify.

Some email providers such as Google have an additional security measure in place called '2-Step verification'. Once set up, if you were to access your email account from an unknown device, you would be sent a pin code via text message which you would need to log in. This means that should a hacker try to access your account, you would be sent the pin code alerting you to this and it should prevent any unauthorised access. However, this is a preventative measure and if your account has already been compromised this will not ensure your account's safety. If you log into your email account and check the 'help' section, you can find out if your email provider has this service.

How to tell if a website isn’t genuine

When visiting a site, you should always check the URL (website address) in the address bar at the top of the page. A common phishing technique is slightly misspelling the domain name so you should check that the website name has the correct spelling.

Be aware of any text tagged on after the main site name and before the .co.uk/.com. For example, a bogus website could be something like http://www.holidaylettings.worldwide.co.uk

If you are worried about phishing more generally, you can download a free, third party service that will tell you if it has found any security risks or problems for the site you are using.