Phishing: Seven steps to take when you fall victim

Firstly, it’s essential you act quickly to ensure that the fraudster is unable to trick your customers out of their money. You may not be held liable for the fraud, or money lost, but you will have to deal with the consequences: a lot of unhappy customers and less bookings. details the seven steps to protect yourself and your potential renters from a malicious phishing attack: 

  1. If you believe you have been a victim of a phishing attack you must act quickly. Get in touch with us at or call +34 952 204 435 or from the UK +44 (0) 2033 847066. We will immediately deactivate your advertisement until we are sure that you have dealt with the problem.
  2. Log-in to your Spain-holiday account and click on the customer enquiry icon (see below). Make a note of the last enquiries you received i.e. those sent to your hacked email account. We suggest you also change your account password. 
  3. Send an email to all the enquiries you have received (since the date you have been hacked), informing them of what has happened. Advise them to follow the instructions set out in this help to renters article to avoid become a victim of phishing and paying money to a fraudster. enquiry button customer account page
  4. In our experience, phishing attacks normally involve clients with a hotmail or gmail account. As discussed in our checking your email settings article. The hackers will gain access to your account and change your filters, adding filters to ensure enquiries don’t reach your inbox, rather they are diverted to the hacker. They can then send out fraudulent emails to your enquiries. So it is essential that you log-in straight away to your email account and check the filters settings (see below). Clear all filters, even ones you may have added yourself, you can always add them back at a later stage. If you are unsure how to do so, read the article in the link above. Email filter settings
  5. Set yourself up an SMS (mobile) service, which alerts you to any enquiries made to this email account. This will ensure that you don’t miss any contacts that have been sent to you and which the hacker has picked up.
  6. Once you have cleared the filters, take a screenshot of the cleared filter page and send us a copy. You should also change your email password. Make sure it is unique and uses letters, numbers and symbols. 
  7. The final and compulsory security measure is to set up two-step verification in your personal email account. You can do this for Gmail, Hotmail and Yahoo accounts. Your account will be given a security code, activated when you or anyone attempts to sign-in to your account on an unknown device or computer. This adds an extra and essential layer of protection against hackers. As phishing becomes ever more aggressive, now asks for proof of your two-step verification set-up, before reactivating any advertisements, where the owner has been a victim of phishing. Check out our article on how to set-up the two-step verification in your email account. 

During the set-up of your account, you will be asked to add the two-step verification for your owner's log-in.  It's a simple process that will protect your account from hackers. We recommend all owners who have not yet set-up the two-step verification system to do so immediately to avoid becoming a victim. Find out how to set-up the two-step verification.

We recommend that you take a few minutes to read all the articles we have published on Phishing in the Fraud section of RentalBuzz. These articles will teach you how to avoid becoming the next victim. Phishing and hacking is a nasty menace, commonplace these days. You shouldn’t take it personally as most victims are picked randomly, however it’s vital you protect both yourself and potential renters, who could lose money through their enquiry to your property.   

At we are here to help, so please get in touch immediately if you think your email or mobile has been exposed to phishing. Your advertisement will be deactivated whilst you deal with the problem. We do this to ensure that as few people as possible are affected by the problem. Once we have received your email filter-free screenshot and are satisfied that the threat to your account no longer exists, we will reactivate your advertisement. 

Stay safe!