Recieved suspicious enquiry via OD from Michael Redman <redmanmichael@outlook.com>
Asking questions like how much for a week in July, how far to the beach... I flagged it as suspect to OD and replied to Michael that the information was in the advert and that in any case we are fully booked July/Aug/Sept...
Received reply this morning saying they wish to go ahead and book but asking me to verify which villa it is on enclosed image..... I wasn't going to fall for the 'your email password has expired please re enter it here' scam that would follow..
new version old trick
new version old trick
I have a very responsible position, if anything goes wrong I'm responsible ..
www.villa-in-kalkan.co.uk
www.villa-in-kalkan.co.uk
I got the same from c_ellis 28 @ aol.co.uk
I was suspicious and sent my reply to the original generic OD enquiry from my email I reserve for these. I also got the follow up email. Interestingly, the source code didn't show up the fake link.
Does anyone techy know why not?
Needless to say I won't be replying to it, and I didn't click on the link, but a precautionary virus scan showed I'd picked up a tracking cookie.
I was suspicious and sent my reply to the original generic OD enquiry from my email I reserve for these. I also got the follow up email. Interestingly, the source code didn't show up the fake link.
Does anyone techy know why not?
The email doesn't show as having an attachment but does open up a very small thumbnail image - which does look like a google satellite view (of somewhere in Austria not our place), with the link to 'google' below it. Hovering over the image or the link shows it would actually go to a page deep down in a site for a hotel in India.=0A=20Hello,=0A=0AThank=20you.=20We=20would=20like=20to=20go=20ahead=20with=20th=
e=20booking=20of=20your=20property=20for=20these=20dates=20(which=20are=20flexib=
le=20depending=20on=20fligts)=20but=20please=20let=20me=20know=20where=20exactly=
=20is=20it=20located.=0A=20Is=20it=20within=20walking=20distance=20to=20amenitie=
s=20or=20do=20we=20need=20a=20rental=20car.=0AWe=20ve=20been=20checking=20the=20=
map=20on=20the=20website,=20could=20you=20please=20confirm=20that=20the=20follow=
ing=20link=20on=20Google=20Maps=20shows=20the=20correct=20location=20of=20your=20=
house?=20Is=20it=20the=20one=20on=20the=20left=20or=20the=20one=20on=20the=20rig=
ht=20side=20of=20the=20image?=20=0A=0A=0A=20=0Ahttps://www.google.com/maps/dir/4=
7.232429,11.879408=0A=0AWould=20you=20please=20advise=20us=20on=20how=20to=20pro=
ceed?=0A=0ABest=20regards,=0A=20=0A=0A=20=0A=0A-
Needless to say I won't be replying to it, and I didn't click on the link, but a precautionary virus scan showed I'd picked up a tracking cookie.
Sorry, I can answer my own techy question actually now. Found another bit of the source code which copies the above, but with the extra html bits in it. In case anyone is interested its this (I've added in extra spaces to the URLs so the links aren't live):
<font=20color=3D'black'=20size=3D'2'=20face=3D'arial'>=0A=0A<div>=20Hello,<br>=0A=
<br>=0A=0AThank=20you.=20We=20would=20like=20to=20go=20ahead=20with=20the=20book=
ing=20of=20your=20property=20=0Afor=20these=20dates=20(which=20are=20flexible=20=
depending=20on=20fligts)=20but=20please=20let=20=0Ame=20know=20where=20exactly=20=
is=20it=20located.<br>=0A=20=0AIs=20it=20within=20walking=20distance=20to=20amen=
ities=20or=20do=20we=20need=20a=20rental=20car.<br>=0A=0AWe=20ve=20been=20checki=
ng=20the=20map=20on=20the=20website,=20could=20you=20please=20confirm=20=0Athat=20=
the=20following=20link=20on=20Google=20Maps=20shows=20the=20correct=20location=20=
of=20=0Ayour=20house?=20Is=20it=20the=20one=20on=20the=20left=20or=20the=20one=20=
on=20the=20right=20side=20of=20=0Athe=20image?=20<br>=0A=0A<br>=0A<a=20href=3D"h=
ttp :// theviewheights. com/maps/photo.php?pic=3Dmap_view_propery_location&k=3D=
ZW5xdWlyaWVzbGFyb3F1ZWhvbGlkYXl2aWxsYUBob3RtYWlsLmNvLnVr"><img=20style=3D"width:=
100px;height:100px;"=20src=3D"http: // i.imgur.com/aVqJjOT.jpg"></a><br>=0A=20<a=20=
href=3D"http: // theviewheights.com/maps/photo.php?pic=3Dmap_view_propery_location=
&k=3DZW5xdWlyaWVzbGFyb3F1ZWhvbGlkYXl2aWxsYUBob3RtYWlsLmNvLnVr"><br>=0A=0Ahtt=
ps: // www .google. com/maps/dir/47.232429,11.879408</a><br>=0A=0A=0A<br>=0A=0AWould=
=20you=20please=20advise=20us=20on=20how=20to=20proceed?<br>=0A<br>=0A=0ABest=20=
regards,=0A</div>=0A=0A=0A=0A<div>=20<br>=0A=0A</div>=0A=0A=0A=0A<div>=20<br>=0A=
=0A</div>=0A=0A=0A=0A<div=20style=3D"font-family:arial,helvetica;font-size:10pt;=
color:black">
Yes same link as in mine to a View Height Resorts...
I have a very responsible position, if anything goes wrong I'm responsible ..
www.villa-in-kalkan.co.uk
www.villa-in-kalkan.co.uk
.... and exactly the same enquiry again from OD this afternoon.
From m graham this time:
what sort of customer service available 24 hours a day and seven days a week is that Don't think I'll bother as don't expect they'll do anything.
From m graham this time:
Was going to report both to OD, but this is what their security page currently says:Hi, Please could you advise of availability and cost of the property for one week in July 2015. I would also be grateful if you could give an indication of the walking distance/time to the beach. Kind regards
....OVER 5 DAYSWe are experiencing very high contact volumes, please accept our apologies for any delay in receiving a reply to your email, our current response time is estimated at over 5 days
Customer Service is available 24 hours a day and seven days a week
what sort of customer service available 24 hours a day and seven days a week is that Don't think I'll bother as don't expect they'll do anything.Suggest you just forward the email to spoof@homeaway.com don't expect a reply but at least it will get logged, otherwise if people stop reporting they will think the problem has gone away..Dotty wrote:....
Was going to report both to OD, but this is what their security page currently says:....OVER 5 DAYSWe are experiencing very high contact volumes, please accept our apologies for any delay in receiving a reply to your email, our current response time is estimated at over 5 days
Customer Service is available 24 hours a day and seven days a week
I have a very responsible position, if anything goes wrong I'm responsible ..
www.villa-in-kalkan.co.uk
www.villa-in-kalkan.co.uk
I've just forwarded both of them to spoof...
Actually, now I think about it, for the last couple of days I've been getting the extra level of security questions to log in to OD, so I wonder whether they have responded to other reports and applied that to accounts to which they forwarded enquiries with this text.
Actually, now I think about it, for the last couple of days I've been getting the extra level of security questions to log in to OD, so I wonder whether they have responded to other reports and applied that to accounts to which they forwarded enquiries with this text.
I confess I'm a bit slow on the uptake when it comes to recognising scam e-mails ........ Earlier this month within just a few days we had several enquiries asking questions about our property. I thought they sounded slightly odd and not one of them came back after I'd replied trying to answer their queries without giving too much away. So my question here is, as all our OD enquiries come via OD, so I can't check the IP source of the original enquiry, how do people recognise suspect spam before entering into an e-mail exchange directly with the enquirer?
Same text but this time from Helen Laflamme.
[Hi, Please could you advise of availability and cost of the property for one week in July 2015. I would also be grateful if you could give an indication of the walking distance/time to the beach. Kind regards]
It isn't unknown but not very many people come to the Lake District for a beach holiday!
[Hi, Please could you advise of availability and cost of the property for one week in July 2015. I would also be grateful if you could give an indication of the walking distance/time to the beach. Kind regards]
It isn't unknown but not very many people come to the Lake District for a beach holiday!
Well, its gut instinct to some extent. I use a different reply email addy if I'm suspicious, and am cagey in what I reply. In this case there are several pointers:teba18 wrote:I confess I'm a bit slow on the uptake when it comes to recognising scam e-mails ........ Earlier this month within just a few days we had several enquiries asking questions about our property. I thought they sounded slightly odd and not one of them came back after I'd replied trying to answer their queries without giving too much away. So my question here is, as all our OD enquiries come via OD, so I can't check the IP source of the original enquiry, how do people recognise suspect spam before entering into an e-mail exchange directly with the enquirer?
1. no number of people specified
2. no telephone no
3. no dates
4. both the email & name consist of one initial & surname - no capitals
5. vague a week in July in text, especially when availability shows it all booked
6. reference to 'the property', not the villa or the apartment or even the house as appropriate
5. in this case asking question about distance to beach, when its part of the heading for the ad on OD.
One or two may be OK, but in total this all adds up. If you don't get a reply then all they get is your email addy (and if you've used a email for suspect enquiries they don't even have your 'real' email). If they reply then the source code tells you a lot - IP addresses, although I believe they can fake that, but also you can look for links not going to where they seem or to attachments with file types which may be harmful.
I would further add that often the name of the sender bears no resemblance to the name within the email address, i.e the enquiry might come from John Chummy-Friend but the email is chris.jones@ or the enquiry is just one rather bizarre question, the answer to which is in your listing anyway, i.e. "Air conditioning?" "Washing machine?"
-
aussiefrog
- Posts: 408
- Joined: Mon Dec 10, 2012 4:54 am
- Location: Languedoc, France