Phishing and Email Scams – homeowners be alert

A new phishing scam is currently attacking holiday home owner’s email accounts. The scam is clever and we advise you to read this post to learn how it works and how to avoid an attack.

This is how it works

A scammer manages to get a hold of an enquiry sent to a homeowner. Now the scammer initiates communication with the renter and informs him that the property is available and can be booked. The renter transfers the rental deposit to the scammers bank account and is defrauded.

How does the scammer manage to steal the enquiry

When we learnt that someone had stolen an enquiry from a homeowner, we checked our log files and security procedures, but there was nothing to indicate that our systems, or the homeowner’s Spain-holiday.com account had been compromised. We then contacted some of our competitors and soon learnt that they too had recently seen cases with the same scammer. Leading us to conclude that the scam did not take place on our system. It turns out that the homeowner has become a victim of a phishing scam or poor password scam, whichever it is, we don’t know yet.

The responsibility

This case has two victims, the homeowner and the renter. But the renter only became a victim because the homeowner was not careful with the enquiry data. It is important, that you, as a homeowner, are aware that you are responsible for protecting your data so no one can acquire access to your enquiries. Spain-holiday.com cannot assume responsibility because we don’t have control of how homeowners manage their data. We will however be helpful in assisting the homeowner in figuring out how this happened and advise on what to do next.

What is phishing?

Phishing is when someone attempts to acquire your personal information such as user names, passwords or credit card details by masquerading as a trustworthy entity. A typical example is when someone contacts you via email, asking you to enter your account and perform an action. When you click on the link supplied in the email, you will see a login page which is similar to the one you normally use. The only difference is the web page address points to a different server. If you enter your information into this page they collect your data and can now use it to manipulate your real account. You may never know what hit you until you discover a strange behaviour in your account.

When entering your www.spain-holiday.com account the web address should start with this, note https stands for “secure site”

login URL

Poor password scam

  • You should protect your password and here are a few suggestions.
  • Make sure your password cannot be easily guessed. 
  • I suggest you always use a combination of letters, numbers and symbols with more than 6 characters
  • Change your password frequently
  • Do not use the same password for your bank, email, Facebook, Spain-holiday.com etc
  • Remember your password, don’t write it down

Keep in mind that no serious company would ever ask you to re-enter your credit card details, user name or password. 

If you have introduced a CC email account into your Spain-holiday.com account, the above also counts for this email account.

More advice

  • If two different owners answer one enquiry, obviously the renter is warned that something is not right. So always make sure to answer your enquiries, even if your property is not available, or for other reasons cannot be rented
  • If you display a phone number, there is a good chance that a renter will give you a call before finalizing the booking and this is where such a scam will be revealed
  • Your pc or Mac should always be running the latest software and especially the latest version of browser and antivirus software
  • If you work from a netcafe or other public locations, make sure to logout from your account sessions when leaving the computer

Please contact us if you have any questions