Online security checklist

Owner advice
Property services
Owner advice > Managing rentals > Online security checklist

Online security checklist

Advertising your home online is the easiest and most efficient way of marketing your property. However, as with any online account, it’s vital that you have effective security measures in place to avoid someone unauthorised attempting to access your private information.

Online crime is sadly on the increase with fraudsters known as ‘hackers’ attempting to obtain private information (e.g. passwords) from unsuspecting victims by using phishing websites, spyware and malware viruses.

With access to the email account used to manage enquiries on Holiday Lettings, the hacker would also have access to your enquiries and could pose as the legitimate owner of your home. They would have the potential to respond to your enquiries, to acquire payments from holidaymakers, or simply set up automatic forwarding of your emails to their own accounts (probably without you even realising).

The good news is that this can be avoided by taking some precautionary measures. Our checklist will help you to keep your online accounts safe.

For ease of reference, we've numbered them below:

  1. Avoid being caught out by phishing emails

  2. Install anti-virus and anti-malware software on your devices

  3. Use different passwords for all of your accounts

  4. Keep your email address used for your enquiries private

  5. How to spot fake enquires

  6. Log into your Holiday Lettings account regularly

1. Avoid being caught out by phishing emails

What is ‘phishing’? Phishing is the practice of sending emails that appear to be from a trustworthy source in order to acquire sensitive information (e.g. login/passwords, credit card details) for fraudulent purposes.

The risk: clicking on a link directs you to a site that looks like Holiday Lettings but actually has a slightly altered or misspelt URL (e.g.; you input your login details and the scammers then know how to access your Holiday Lettings account. Some advanced scams use programs to remotely collect or establish your login/password details simply as a result of you replying to an email or clicking on a link within an email.

How to protect yourself from phishing:

  • Be extra vigilant when perusing enquiry emails. We do our best to prevent spam enquiries from reaching you, but please watch out for spam enquiries too.

  • Keep an eye out for phishing emails. Don't click on links in suspicious emails and never input sensitive information on websites that look familiar but not quite right. Never log into any sites if you can’t see the ‘https’ in the address bar. We will never ask you to log into any site other than Holiday Lettings.

An example of a typical phishing email:

"Thanks for the response to my enquiry. My colleague rented a property 2 weeks ago from a different owner, please confirm to us if your property has exact facilities. You can view the pictures by clicking on the link below, please get back to us soon so we can make up our mind on what to do. It is a secured site, so you'll be required to login before you can view it!/home.html”

In this example, the fraudster is attempting to collect log in details by directing the recipient to a phishing site. However, it’s also possible that clicking on the link itself could download a virus onto your device. We don’t want you to miss out on any genuine enquiries, so if you receive an enquiry you’re not sure about, please do get in touch with us and we can advise.

'Smishing' is the SMS (short message service) based form of phishing. As with phishing, smishing was so named as it follows a ‘hook’ and ‘bait’ method: the bait is the persuasion, and the hook is the actual method used to gather information. Smishing text messages can look very convincing if you’re not aware of what to look out for. To help you avoid becoming a target, please see our detailed smishing advice page.

2. Install anti-virus and anti-malware software on your devices

  • Ensure you have a good security programme installed on your computer such as Norton Internet Security that contains anti-virus, Spyware and firewall protection. Using a programme such as this will intercept any malicious sites or software that hackers use to try to gain access to your computer.

  • You can also download free, third party services that will tell you if it has found any security risks or problems for the site you are using. If you computer works on a Microsoft Windows system try this free antivirus software and this anti-malware software, which should pick up anything else that the antivirus misses.

  • Use your anti-virus software to thoroughly scan your computer for viruses every week and make regular backups of your important files. Make sure that your wireless network has a password and is encrypted. This will stop others using your connection for free and possibly being able to see what you're looking at.

  • As technology progresses, hackers look for more advanced ways to obtain passwords, personal information and credit card details so always try to keep your software updated. Also, having anti-virus and anti-malware software installed on your computer is ideal, but you still need to be vigilant and keep a look out for anything that doesn’t ring true.

3. Use different passwords for all of your accounts

  • For every new account, create a new password. This will make it much more difficult for hackers and in the unfortunate event that they manage to get hold of one of your passwords, your other accounts will remain secure. Use a variety of passwords and change them frequently.

  • Never store your passwords on your computer, laptop, tablet, mobile or any other electronic device that can access the internet. If you have trouble remembering your passwords, it’s much safer to write them down on a piece of paper that you can keep in a secure place.

  • Choose a strong password. Make sure your password isn’t easy to guess and is at least seven characters long. The passwords should contain letters (uppercase and lowercase), numerals and, where possible, symbols.

  • It’s advisable to log out after using your online accounts straight away. Some websites will give you the option to stay logged in but if your device (such as your computer) has already been infected with a virus the hackers might be able to use your accounts and see your passwords remotely without you being aware.

  • If you’re using someone else’s computer or logging in through a shared network, such as a workplace or an internet cafe, always log out as soon as you’ve finished what you’re doing. To be extra safe, avoid using shared networks and devices if possible and only use your personal ones.

4. Keep your email address used for your enquiries private

  • Consider setting up a designated email address just for enquiries from holidaymakers. This will make organising your queries and potential bookings easier. It will also mean that you’re not using this email address for any other purpose so your other online accounts will not be affected should they be targeted by hackers.

  • Never display your email address on your own website. Hackers are able to search the web with ‘harvesting’ software and capture email addresses to add them to a list so they can be used for malicious purposes. If you have your own website and you want to receive enquiries through it, we strongly recommend setting up an enquiry form so your email address isn’t displayed. You’ll notice that if someone wants to make an enquiry through Holiday Lettings, we use a similar form which means your email address is hidden and the enquiries can be put through a filter before being sent onto you. There are many website providing email forms for websites free of charge, such as

  • Some email providers, such as Google, have an additional security measure in place called '2-Step verification'. Once set up, if you were to access your email account from an unknown device, you would be sent a pin code via text message which you would need to log in. This means that should a hacker try to access your account, you would be sent the pin code alerting you to this and it should prevent any unauthorised access. However, this is a preventative measure and if your account has already been compromised this will not ensure your account's safety. If you log into your email account and check the 'help' section, you can find out if your email provider has this service.

  • Check the settings on your email account often to make sure nothing has been changed. Fraudsters will often set up a redirect on your email. Once your email has been hacked, it’s possible for them to direct all emails containing a key word, for example, ‘enquiry’ to a different email address. This means unless you check your settings regularly to make sure it’s all as it should be, fraudsters could be receiving your enquiries to a different email address and responding to them in order to collect deposits from unsuspecting holidaymakers.

  • Consider using a paid email provider, such as BTinternet, TalkTalk and Microsoft Outlook, if possible. Most internet providers allocate you with an email address when signing up with them. There’s still no guarantee that hackers won’t find a way to target people with these email addresses but it’s more difficult. The security is tighter, spam and virus filters are more thorough and if something were to go wrong, paid providers offer customer support and can be contacted via phone.

5. Spotting fake enquires

Holiday Lettings has a variety of security systems in place to monitor and reject these scam emails. However, fraudsters are constantly looking for new ways to trick us so it’s important that you too remain vigilant.

Clues to help you identify a scam enquiry are:

  • The enquirer asks to pay by cheque, sends too much money and asks for a refund of the difference.

  • The enquiry is written in poor English and overly formal. However, please note that you may receive legitimate enquiries from a holidaymaker for whom English is not their first language.

  • The enquiry includes a lot of the holidaymaker's personal circumstances which are irrelevant.

  • The enquiry may be for a noticeably long period of time.

  • The enquirer wishes to pay by Western Union, banker’s draft or cashier’s cheque.

  • The enquirer asks you to phone them but the number they provide is a premium rate number. Such numbers often begin in 09.

Be wary about calling if the telephone number is a premium rate one, but do try to speak with the enquirer wherever possible. Not only does this help you to convert genuine enquiries quickly, but you’ll be able to get a better idea of what their intentions are.

If the enquiry has not come through Holiday Lettings or any other advertising portal you may be listing your property with, question how this person found your email address. If you don’t have your own website and haven’t advertised your property anywhere else using your email addresses, there’s a chance that the enquiry is fraudulent so you should exercise caution.

6. Log into your Holiday Lettings account regularly

  • Every enquiry that you receive will be displayed on the ‘Inbox’ page in your ‘Home Management’. If you notice that any of these enquiries have not been delivered to the email address you have registered on your account with us, contact us immediately as it’s possible your email address has been hacked. Our team can advise you on the steps you need to take to secure your Holiday Lettings account.

  • Set up SMS alerts. When a holidaymaker sends an enquiry, we can send you a free SMS alert to your mobile phone. You can set this up through the ‘Your Account’ section in your ‘Home Management’ page. This helps you to respond to your enquiries quickly but will also mean that - if you receive your SMS alert but do not receive your enquiry - you'll be alerted to the possibility that your email address may have been compromised. Again, please do contact us and we can help you with this.

  • Please read our advice pages for more detailed information about phishing and smishing (mobile form of phishing).

    Author: Kate, Customer Communications Executive

    Date: February 2012