Listing site warning - email password hack scam

Post scam emails to warn other rental owners, or if you are not sure if an enquiry is genuine, put it up here and see what others think.
Nemo
Posts: 7062
Joined: Thu Aug 14, 2008 10:15 am
Location: Norfolk

Post by Nemo »

I've just received this email this morning from a small site I advertise on. I'm going to respond as I think there are at least two bits of incorrect information, but I wanted your opinions or wording first.
....read all of the below and help protect your business from fraud.

We have been informed by some of our customers about a new kind of fraud that's targeting holiday cottages and B&Bs around the world.

The scam goes like this:
1. The fraudster hacks into your email inbox (possible if your password is not very secure)
2. He waits until you receive booking enquiries (either direct emails or through websites like *****)
3. When the enquiry arrives in your inbox, he makes a copy of the email and quickly deletes it from your inbox before you ever get to see it.
4. He sets up a new email account with a very similar address to your own (if your email is rosecottage @ hotmail.com, he creates rose-cottage @ gmail.com)
5. From this new account he replies to the holiday makers, impersonating you. Eventually he convinces them to transfer a deposit.
6. Summer comes and the holidaymakers arrive at your cottage thinking they've made a booking. The sad reality is they have made false arrangements with your impersonator, and have given their money to a fraudster.

Fortunately, by securing your email account, you can massively reduce a fraudster's ability to pull off this kind of trick.

Here's what you should do right now:

• Change the password on your email account today.
Use a new, strong password made of letters and numbers.
Never use the same password for your email as you use for other websites.

• Change the password on ***** site today.
Log in to ***** site and click the change password button.

In addition to the above tips we strongly recommend customers use a secure email provider (we recommend Gmail) and enable Two Factor Authentication so access to your mobile phone is required to log in to your email account.
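Step 4 of the warning above (a new account with a very similar address) can be checked mechanically by anyone who knows the owner's registered address, such as a listing site or a guest comparing a reply with the listing. This is an added example, not part of the original thread or the listing site's email; the function names, the digit-swap table and the distance threshold are assumptions.

```python
import re
# Digit-for-letter swaps often seen in lookalike names (constructed, not exhaustive).
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def clean(address: str) -> str:
    return re.sub(r"\s+", "", address).lower()   # 'rosecottage @ hotmail.com' parses too

def skeleton(address: str) -> str:
    """Comparison key for the part before '@': no +tag, separators or digit swaps."""
    local, at, _domain = clean(address).rpartition("@")
    if not at:
        return ""                                # not an email address
    local = local.split("+", 1)[0]
    return re.sub(r"[.\-_]", "", local).translate(SWAPS)

def edit_distance(a: str, b: str) -> int:
    prev = list(range(len(b) + 1))               # Levenshtein, one row at a time
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(registered: str, seen: str, max_distance: int = 2) -> str:
    """Compare a reply address with the owner's registered address."""
    if clean(registered) == clean(seen):
        return "genuine"
    a, b = skeleton(registered), skeleton(seen)
    if not a or not b:
        return "unrelated"
    if a == b:
        return "lookalike"          # same name, different separators or provider
    if edit_distance(a, b) <= max_distance:
        return "near-lookalike"     # a character or two added, dropped or changed
    return "unrelated"

def flag_replies(registered: str, reply_addresses: list[str]) -> list[tuple[str, str]]:
    """Return (address, verdict) for every reply address that imitates the owner."""
    verdicts = [(addr, classify(registered, addr)) for addr in reply_addresses]
    return [(addr, v) for addr, v in verdicts if v.endswith("lookalike")]

# The first two addresses are the ones in the warning; the rest are constructed.
OWNER = "rosecottage @ hotmail.com"
REPLIES = ["rosecottage@hotmail.com", "rose-cottage @ gmail.com",
           "r0secottage@hotmail.com", "rosecottages@gmail.com", "bookings@example.com"]
if __name__ == "__main__":
    for addr, verdict in flag_replies(OWNER, REPLIES):
        print(f"{verdict:15} {addr}")
```

A "lookalike" verdict only says the name matches after normalisation while the full address differs, so it is a prompt to verify the booking through another channel rather than proof of fraud.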
kevsboredagain
Posts: 3207
Joined: Sat Jan 20, 2007 9:32 am
Location: France

Post by kevsboredagain »

You have to admire the irony in recommending the same email provider that the scammers themselves use. Creating a similar Gmail address is easy and free. Creating a similar address for your own domain will cost money, which is likely to put a scammer off.
Nemo
Posts: 7062
Joined: Thu Aug 14, 2008 10:15 am
Location: Norfolk

Post by Nemo »

Thanks kevsboredagain. That's the first point made. :D
Nemo
Posts: 7062
Joined: Thu Aug 14, 2008 10:15 am
Location: Norfolk

Post by Nemo »

Anybody else?
PW in Polemi
Posts: 1781
Joined: Sun Oct 21, 2012 5:23 am
Location: A village in Paphos, Cyprus

Post by PW in Polemi »

Firstly, it's not a "new" kind of scam. It's been about for some years now.

Secondly, email enquiries are often accompanied by SMS text alerts - so the owner would know he is possibly being subject to a scam if he received the SMS and not the email, either as an email or on his dashboard.

Thirdly, I agree with Kev - Gmail is one of the email systems being used (and abused) by scammers. Having it as your main business email does not tend to impress potential customers with your professionalism. However, it is useful to have as a backup for when your own domain is not recognised by some of the (smaller) ISPs out there, or to use to scam the scammers! :lol:
Dogs have masters. Cats have slaves!
Nemo
Posts: 7062
Joined: Thu Aug 14, 2008 10:15 am
Location: Norfolk

Post by Nemo »

How about point 1?
1. The fraudster hacks into your email inbox (possible if your password is not very secure)
Isn't the hacking more likely to take place through sending an email with a link that the unsuspecting owner clicks on, so the scammer harvests the password that way? How likely is it that scammers are simply guessing passwords because they are "weak" or perhaps using some sort of software to crack the password?
greenbarn
Posts: 6146
Joined: Sat May 30, 2009 6:41 pm
Location: The Westmorland Dales, Cumbria

Post by greenbarn »

Good point Nemo - so obvious that I missed it completely :oops: :roll: . I scan read "the fraudster hacks into your email inbox" and took that as a given - we're all so used to hearing about the various attempts to do that. BUT - as you say, the means by which they acquire your password (rather than arriving at it by automated trial and error) is very significant. It doesn't matter how secure your password is if you go and give it to someone via a false login.
Joanna
Posts: 1091
Joined: Thu Aug 23, 2007 3:12 pm
Location: Chester, North West England & Sidmouth, East Devon

Post by Joanna »

I agree that they are missing the single most important warning of all which is to avoid clicking links in emails that appear to come from your listing site or email provider. They really need to stress how important it is to bring up the site via your browser, never from an email link.

Occasionally I get genuine emails from energy suppliers and the like with a link to my latest on-line bill. They all need to stop doing this and just tell us to go to the website where we can find a nice 'customer login' button clearly visible on the home page. Then the scammers' emails would stand out a mile because they'd be the only ones emailing links. My bank has already gone down that route.

I have a WordPress site and it does get regular multiple login attempts - all using standard user names like 'admin' or the domain name. I've been surprised at how often it happens and it goes to show that you do need to set unique login names and passwords - don't go for anything too predictable. I imagine that any well known platform such as WordPress or, indeed, Gmail must be a tempting target. Hence, your second point.
Jo

Joint owner of Baker's Cottage in Chester & Chandler's Cottage in Sidmouth
Chippy
Posts: 232
Joined: Sun Nov 22, 2009 11:24 am

Post by Chippy »

Joanna wrote: I agree that they are missing the single most important warning of all which is to avoid clicking links in emails that appear to come from your listing site or email provider. They really need to stress how important it is to bring up the site via your browser, never from an email link.

Nor links sent in SMS messages either.