HA/OD enquiries asking to reply directly

Post scam emails to warn other rental owners, or if you are not sure if an enquiry is genuine, put it up here and see what others think.
AngloDutch
Posts: 727
Joined: Fri Jul 11, 2014 10:25 pm
Location: Netherlands

Re: HA/OD enquiries asking to reply directly

Post by AngloDutch »

Bree wrote: I have had a few enquiries in the last few days from HA/OD all asking me to reply directly to an outlook address, they all have left spaces between the name @ & outlook so that the email address comes through, I have reported them to HA.

Not sure if the text has changed since August, but did it look like this:
Dear,

I am interested in renting your property. Please contact me for details and deposit info.
To keep things simple (for me) from a correspondence point of view, I will be emailing you more fully from my 'home' address helenabney @ outlook.com

Emailing through Homeaway means I cannot easily keep all my correspondence in one place: where I want and need it.

Many thanks and kind regards,
Helen

I received the above enquiry via HA from a Helen Abney for a stay in November this afternoon. I checked my dashboard to see if it showed, checked that the dates were actually available, checked the English grammar and just thought that maybe they forgot to put in our names in the salutation.

Asking to communicate with them outside of the HA system was also no problem for us, because we always do this anyway after a first email through the system to satisfy HA's performance count.

One thing I did think strange is that there was no phone number showing (no means to let it be shown either) when viewing the enquiry in the dashboard. But I was definitely on the real HA site because I had actually typed that into my browser, so thought that HA had again been tinkering with things.

So, after doing our usual security checks, I replied directly to the email address (helenabney@outlook.com)

Then two hours later I received an enquiry via OD with the exact same text but with a date request for next April. Then the alarm bells started ringing.

Pasting some of the text of the enquiry into Google brought up this from a French HA Community thread:

https://community.homeaway.com/thread/51823

There was the same text but with a French name underneath.

So, this is not phishing with a fake site and no reply (yet) that they want to pay with a 'certified bank cheque'. Are they going to all this trouble just to harvest email addresses? Is this something new? This has now got me worried....
Last edited by AngloDutch on Fri Oct 02, 2015 5:05 pm, edited 1 time in total.
Ele
Posts: 103
Joined: Mon Nov 10, 2014 9:26 am
Location: Moraira, Costa Blanca, Spain

Post by Ele »

I received the above enquiry via HA from a Helen Abney for a stay in November this afternoon.

AngloDutch, I received the exact same enquiry text on 22nd Sept via HA for November dates, but from an 'Edwardo Wilkerson'.

Being a bit suspicious I replied via the HA system but also cc'd his outlook address. A week later I got a reply, directly from his outlook address not via HA, with a fake OD (not HA) branded page notifying me that 'You have received a payment, click here to accept the payment'. There was then an 'Accept' link, which led to my email login page.....prompting me to enter my password.

Not seen this one before in that the phishing attempt mimics a payment notification. I've reported to spoof@homeaway.com.
Sam V
Posts: 1707
Joined: Fri Nov 20, 2009 1:45 pm
Location: Villa in Gale, Algarve, Portugal. At home in Fetcham, Surrey, UK

Post by Sam V »

That's interesting, I think my earlier post is also related to this issue:

viewtopic.php?t=24781

I did contact OD and had a conversation with them about it and worryingly the email address I was contacted directly on is in my OD account details and not visible on my listing. OD said they'd look into this and get back to me, they never did.

Here's the original OD enquiry:

Dear Sir,

Would you please tell me if there some availability for the second week till last from November 2015.
Looking forward hearing from you. Also you can contact me directly at: ashley.stoner2 @ outlook.com

Best regards,
Ashley
Last edited by Sam V on Fri Oct 02, 2015 5:08 pm, edited 1 time in total.
TA lurkers walk among us; the LMH Walking Dead

dont mess in the affairs of cats for they are subtle and will p on your computer.

www.algarvevillatrinity.co.uk
www.facebook.com/villatrinity
www.gardenerscottage.promotemyplace.com
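
The three signals posters describe above (an address written with spaces around the @, a request to reply outside the listing site, and identical wording arriving under different names) can be checked mechanically. The Python below is an added example, not part of any post in this thread or of HA/OD's systems; the function names, the phrase list and the samples marked as constructed are assumptions.

```python
import hashlib
import re

# An address, possibly split by whitespace around "@" ("name @ outlook.com").
EMAIL = re.compile(r"([A-Za-z0-9._%+-]+)(\s*)@(\s*)([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")
# Assumed phrase list: wording that asks the owner to leave the platform inbox.
OFF_PLATFORM = re.compile(
    r"contact me directly|reply(?:ing)? directly|from my\s+\S*\s*address", re.I)

def spaced_addresses(text):
    """Addresses written with whitespace around '@', returned rejoined."""
    return [f"{m[1]}@{m[4]}" for m in EMAIL.finditer(text) if m[2] or m[3]]

def template_fingerprint(text):
    """Hash the body minus addresses and the last line (assumed sign-off name)."""
    lines = [l for l in EMAIL.sub("<addr>", text).splitlines() if l.strip()]
    body = re.sub(r"\s+", " ", " ".join(lines[:-1]).lower()).strip()
    return hashlib.sha256(body.encode()).hexdigest()[:16]

def review(enquiries):
    """enquiries: list of (id, text). Returns {id: [reasons]} for flagged ones."""
    groups = {}
    for eid, text in enquiries:
        groups.setdefault(template_fingerprint(text), []).append(eid)
    report = {}
    for eid, text in enquiries:
        reasons = []
        addrs = spaced_addresses(text)
        if addrs:
            reasons.append("spaced address: " + ", ".join(addrs))
        if OFF_PLATFORM.search(text):
            reasons.append("asks to move off-platform")
        twins = [e for e in groups[template_fingerprint(text)] if e != eid]
        if twins:
            reasons.append("same text as: " + ", ".join(twins))
        if reasons:
            report[eid] = reasons
    return report

# Enquiry wording quoted in the thread, with the address and name as slots.
TEMPLATE = (
    "Dear,\n\nI am interested in renting your property. Please contact me for "
    "details and deposit info.\nTo keep things simple (for me) from a "
    "correspondence point of view, I will be emailing you more fully from my "
    "'home' address {addr}\n\nEmailing through Homeaway means I cannot easily "
    "keep all my correspondence in one place: where I want and need it.\n\n"
    "Many thanks and kind regards,\n{name}")
HELEN = TEMPLATE.format(addr="helenabney @ outlook.com", name="Helen")
COPY = TEMPLATE.format(addr="second.sender @ example.com", name="Edwardo")  # constructed
ASHLEY = (
    "Dear Sir,\n\nWould you please tell me if there some availability for the "
    "second week till last from November 2015.\nLooking forward hearing from "
    "you. Also you can contact me directly at: ashley.stoner2 @ outlook.com\n\n"
    "Best regards,\nAshley")
GENUINE = "Hello, is the villa free 14-21 November for two adults?\nThanks,\nJane"  # constructed
SAMPLES = [("HA-1", HELEN), ("OD-2", ASHLEY), ("HA-3", COPY), ("HA-4", GENUINE)]

if __name__ == "__main__":
    print(review(SAMPLES))
```

A flag here is a prompt to look more closely before replying from a personal address, not proof of a scam: the thread itself notes that some owners routinely move genuine guests to direct email.
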
AngloDutch
Posts: 727
Joined: Fri Jul 11, 2014 10:25 pm
Location: Netherlands

Post by AngloDutch »

Thanks, Ele.

I haven't received the email yet but no doubt it will come through. I never click on any links in an email unless I am expecting something like a confirmation email when setting up an account, or something similar.

These emails are getting much better and I actually thought it was genuine when I replied. It showed in my dashboard, so came through the HA system and therefore I didn't have any concerns about being diverted to a fake HA page even if I had actually clicked on any of the links.

So, it begins as a scam, asking you to contact them directly and then you receive this phishing email. I wonder how many unsuspecting owners will fall for this.

The way it is written in English is quite different to the 'Hallelujah' emails of old (you know, 'We are a group of bible sellers who are looking to rent a room for a month....Gods blessings', etc.) that we've all been receiving for many years now.

I honestly thought that it was a savvy and experienced HA user who was also not happy with the constraints of communicating within 'boxes' and was requesting to just email directly.

It just goes to show why communication through the system was set up in the first place....
AngloDutch
Posts: 727
Joined: Fri Jul 11, 2014 10:25 pm
Location: Netherlands

Post by AngloDutch »

Sam V wrote: That's interesting, I think my earlier post is also related to this issue:

viewtopic.php?t=24781

I did contact OD and had a conversation with them about it and worryingly the email address I was contacted directly on is in my OD account details and not visible on my listing. OD said they'd look into this and get back to me, they never did.

Here's the original OD enquiry:

Dear Sir,

Would you please tell me if there some availability for the second week till last from November 2015.
Looking forward hearing from you. Also you can contact me directly at: ashley.stoner2 @ outlook.com

Best regards,
Ashley

Hi Sam,

This is strange.

Your post in my browser (Firefox) looks like this:
That's interesting, I think this earlier post I had no responses to is also related to this post:

viewtopic.php?t=24781
_________________
dont mess in the affairs of cats for they are subtle and will p on your computer.
Only now that I have gone to reply to you to ask whether the text in the email you received was similar to mine do I see that you had added that as well in your original post. I have back paged and refreshed several times but it is still an abridged version of your post showing.

Not sure if this is an LMH or Firefox bug, but I will make sure to check the quote in future before I ask another LMH'er something blindly obvious! :o

If there are any tekkies reading who might know what's happening.....?
Sam V
Posts: 1707
Joined: Fri Nov 20, 2009 1:45 pm
Location: Villa in Gale, Algarve, Portugal. At home in Fetcham, Surrey, UK

Post by Sam V »

Hope this helps:

I posted this on 22 Aug:
I've just had an enquiry text and email from OD. I've logged into my OD dashboard Inbox to reply ASAP to maintain my good behaviour record and noticed under the enquirer's name 'Home Away.com', all previous enquiries have 'owners direct.co.uk'. So I've also logged into my HA account and there is no enquiry from the same person and all previous enquiries have HA under the enquirer's name. So now I'm a bit confused why an HA enquiry is in my OD dashboard. I'm sure someone can enlighten me.

23 Aug: I have separate paid accounts for both OD and HA so that's why I thought it was more odd that if someone was enquiring via my HA listing that it should come through to my OD listing. I've double checked a search on both sites in case I'm somehow listed twice with either site, I'm not. So still a bit odd that an enquiry seemingly generated from my HA listing should come through to my OD listing.

9 Sept:
I've now had a reply to the enquiry, and although I replied direct in my OD dashboard, the enquirer has replied direct to my personal email address (not supplied in the quote) that they want to book and have supplied all their details for me in a PDF! (I know these PDFs are a scam not to be opened!)

So I know now this is not an HA/OD system glitch but some kind of hack, I best contact OD now I guess.
AngloDutch
Posts: 727
Joined: Fri Jul 11, 2014 10:25 pm
Location: Netherlands

Post by AngloDutch »

We too have separate accounts on OD and HA. But we have the listings duplicated across the sites (plus 2 agency listings active on HA as well).

If someone accesses our OD listing on HA USA for example, and then makes an enquiry, then the email received (and logged at the dashboard) will be from OD but will show 'enquiry from Homeaway.com'.

If you are sure that there is no duplicate (have you checked any other HA site apart from where you have been looking - com, co.uk, etc.?), then it looks like it's a technical glitch.

Good luck with getting it solved (at least you won't have to deal with HL and FK's 'support' in India!)
Sam V
Posts: 1707
Joined: Fri Nov 20, 2009 1:45 pm
Location: Villa in Gale, Algarve, Portugal. At home in Fetcham, Surrey, UK

Post by Sam V »

AngloDutch wrote: We too have separate accounts on OD and HA. But we have the listings duplicated across the sites (plus 2 agency listings active on HA as well).

If someone accesses our OD listing on HA USA for example, and then makes an enquiry, then the email received (and logged at the dashboard) will be from OD but will show 'enquiry from Homeaway.com'.

If you are sure that there is no duplicate (have you checked any other HA site apart from where you have been looking - com, co.uk, etc.?), then it looks like it's a technical glitch.

Good luck with getting it solved (at least you won't have to deal with HL and FK's 'support' in India!)

I've looked and don't have duplicate listings on either site, and that doesn't explain why an enquiry on my HA account would arrive in my OD account (has never happened before) or explain how the enquirer would get access to contact me direct to my personal email. When I spoke to OD they could not explain it either.
AngloDutch
Posts: 727
Joined: Fri Jul 11, 2014 10:25 pm
Location: Netherlands

Re: HA/OD enquiries asking to reply directly

Post by AngloDutch »

AngloDutch wrote: So, this is not phishing with a fake site and no reply (yet) that they want to pay with a 'certified bank cheque'. Are they going to all this trouble just to harvest email addresses? Is this something new? This has now got me worried....

And yes, last Sunday night someone managed to hack our eBay account which uses the same email address as the one from where we sent our replies to 'Helen'. First time in 16 years that anyone has managed this, so an incredible coincidence if this has now occurred shortly after emailing these HA scammers.

It seems that they managed to change the eBay account password and then the registered email address and we received notifications that this had been done. Within the next 20 minutes they accessed our PayPal account (which we also use for accepting Euro funds for bookings) but were unable to alter the password or email address on that.

We were literally woken up to the fact that this was going on as we received an automated call from PayPal asking us if we had authorized a change to our account details. This at half past two in the morning.

We now have retaken our eBay account but have had to create a new sign in, password and changed the security questions.

But what we do not understand is how they can get access to our eBay account in order to change the password. If you click 'forgot password' then the password (reminder) is sent to the email address on file, and they cannot change the email address without first logging in? It seems that eBay's security is not up to much....

So, if you have received a similar email to ours, with someone asking to be contacted outside of the HA system, I would check to see if your other accounts (including outside of your rental business) are still secure, maybe checking your SPAM folders for any emails that may have gone there stating that someone has attempted to, or managed to alter your log in details or email address somewhere.
Nemo
Posts: 7062
Joined: Thu Aug 14, 2008 10:15 am
Location: Norfolk

Re: HA/OD enquiries asking to reply directly

Post by Nemo »

AngloDutch wrote: It seems that they managed to change the eBay account password and then the registered email address and we received notifications that this had been done. Within the next 20 minutes they accessed our PayPal account (which we also use for accepting Euro funds for bookings) but were unable to alter the password or email address on that.

We were literally woken up to the fact that this was going on as we received an automated call from PayPal asking us if we had authorized a change to our account details. This at half past two in the morning.

We now have retaken our eBay account but have had to create a new sign in, password and changed the security questions.

But what we do not understand is how they can get access to our eBay account in order to change the password. If you click 'forgot password' then the password (reminder) is sent to the email address on file, and they cannot change the email address without first logging in? It seems that eBay's security is not up to much....
I'm guessing, as I haven't read all that's gone before, but that sounds to me as if it's not ebay at fault but that your email has been hacked? Therefore if they have set up a filter on your email, they could ask for a forgotten password link and that would be redirected before you ever saw it? I think that's how it works anyway. Have you checked that email address for filters and then changed the password for that too?
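
The filter check Nemo suggests above, as an added example that is not part of the original posts: a Python audit of a mailbox's rules that flags any rule sending mail to an outside address or hiding password-reset and account-change notifications. The rule format, field names and keyword list are hypothetical; real mail providers export rules in their own formats.

```python
import re

# Assumed keywords for mail an intruder would want the owner not to see.
SECURITY_MAIL = re.compile(r"password|reset|security|verif|sign[- ]?in|ebay|paypal", re.I)
HIDING_ACTIONS = {"delete", "move_to_folder", "mark_read"}

def audit_rules(rules, own_domains):
    """Return (rule name, finding) pairs for enabled rules that send mail to
    an address outside own_domains or hide security notifications."""
    findings = []
    for rule in rules:
        if not rule.get("enabled", True):
            continue
        actions = rule.get("actions", {})
        conditions = " ".join(rule.get("conditions", {}).values())
        # A rule with no conditions applies to every message, resets included.
        hits_security = not conditions or bool(SECURITY_MAIL.search(conditions))
        for target in actions.get("forward_to", []) + actions.get("redirect_to", []):
            if target.rsplit("@", 1)[-1].lower() not in own_domains:
                findings.append((rule["name"], "forwards to external " + target))
        hiding = sorted(HIDING_ACTIONS & set(actions))
        if hiding and hits_security:
            findings.append((rule["name"], "hides security mail: " + ", ".join(hiding)))
    return findings

# Constructed rule export in a hypothetical format (not any provider's schema).
RULES = [
    {"name": "Newsletters", "conditions": {"from": "news@shop.example"},
     "actions": {"move_to_folder": "Reading"}},
    {"name": ".", "conditions": {"subject": "password reset"},
     "actions": {"forward_to": ["collector@mail.example"], "delete": True}},
    {"name": "Copy to partner", "conditions": {},
     "actions": {"forward_to": ["partner@rental.example"]}},
    {"name": "Old rule", "enabled": False, "conditions": {"subject": "paypal"},
     "actions": {"delete": True}},
]

if __name__ == "__main__":
    for name, finding in audit_rules(RULES, {"rental.example"}):
        print(f"{name!r}: {finding}")
```

Rules can exist both in the mail provider's web dashboard and in the desktop mail client, so both places need the same check.
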
AngloDutch
Posts: 727
Joined: Fri Jul 11, 2014 10:25 pm
Location: Netherlands

Re: HA/OD enquiries asking to reply directly

Post by AngloDutch »

Nemo wrote:
I'm guessing, as I haven't read all that's gone before, but that sounds to me as if it's not ebay at fault but that your email has been hacked? Therefore if they have set up a filter on your email, they could ask for a forgotten password link and that would be redirected before you ever saw it? I think that's how it works anyway. Have you checked that email address for filters and then changed the password for that too?

Oh, gosh, Nemo, now you've got me worried. I thought it was impossible to do this unless you had the password as well, either by getting it from the owner (phishing log in, or keyboard logger, etc) or through hacking the database, in this case:

http://www.dailymail.co.uk/news/article ... words.html

I know that these people are very clever and we have always managed to defeat their numerous attempts to hack their way into everything (never clicking on any link in an email, etc.) but they seem to be using different methods now.

I've just checked our email setup on the internet provider's site to see if there's anything strange there under filters, but it was blank.

Actually, it was good that I checked our internet provider dashboard for email anyway because for some reason there is a SPAM filter there which is catching emails before they come through to our outlook account (and have the opportunity to be marked as SPAM there). Just found an email (a real one) from Expedia there from several days ago!

I have an idea that emails that are marked as SPAM at server level never reach our inbox (or SPAM box) on our laptop. I have checked to see whether this SPAM filter can be turned off or adjusted, but can't see anywhere to do this. You can only mark the message as 'this is not SPAM' and it will then appear in the inbox, dated when it was originally sent.

Now I'm wondering how many answers to enquiries never reached us. When you start checking things, you then uncover even more, don't you? Now I'm going to have to make sure we log on to this dashboard at least several times a week..
:roll:
pambon
Posts: 2959
Joined: Thu Apr 24, 2008 2:25 pm

Post by pambon »

e-richard wrote: This also explains why guests are very reticent about leaving reviews on HomeAway.
Same non-optional opt-in rules apply :evil:

Indeed. I had a guy stay for 16 nights in August who emailed me a LONG great review but declined to leave a shorter version on OD for this very reason :cry:
newtimber
Posts: 1945
Joined: Sat Nov 24, 2012 5:57 pm
Location: Brighton

Re: HA/OD enquiries asking to reply directly

Post by newtimber »

AngloDutch wrote: It seems that they managed to change the eBay account password and then the registered email address and we received notifications that this had been done. Within the next 20 minutes they accessed our PayPal account (which we also use for accepting Euro funds for bookings) but were unable to alter the password or email address on that.

I assume that you are using strong passwords and aren't using the same password for different websites?
AngloDutch
Posts: 727
Joined: Fri Jul 11, 2014 10:25 pm
Location: Netherlands

Re: HA/OD enquiries asking to reply directly

Post by AngloDutch »

newtimber wrote: I assume that you are using strong passwords and aren't using the same password for different websites?

Yes, including numbers and letters together. We have about 5 different passwords for around several hundred sites on internet where we have accounts.
Although we can remember all of the passwords, the difficulty we have is remembering which password is being used on which site!
newtimber
Posts: 1945
Joined: Sat Nov 24, 2012 5:57 pm
Location: Brighton

Re: HA/OD enquiries asking to reply directly

Post by newtimber »

AngloDutch wrote:
newtimber wrote: I assume that you are using strong passwords and aren't using the same password for different websites?
Yes, including numbers and letters together. We have about 5 different passwords for around several hundred sites on internet where we have accounts.
Although we can remember all of the passwords, the difficulty we have is remembering which password is being used on which site!

This may be the problem. If one of the several hundred sites you use has a security breach or is not handling very sensitive data so does not need high security, then that username/password will be in the hacking community. They then can (and will) just try it on other sites to see whether it works.

I'd really recommend using a password program (or even the one supplied with your browser) and let it generate random secure passwords that you cannot remember. You then only have to remember one password and the password program will not fill in your password onto phishing sites (and you can't either because you don't know what it is!)