GIVING IT ALL AWAY

Post scam emails to warn other rental owners, or if you are not sure if an enquiry is genuine, put it up here and see what others think.
costa-brava
Posts: 689
Joined: Mon Sep 20, 2010 11:57 am
Location: costa brava spain
Contact:

GIVING IT ALL AWAY

Post by costa-brava »

Don't give anybody your password means as follows:
NEVER, NEVER, NEVER click on a link inside an email and then login.
By logging in you are "GIVING" your password.
If you have saved any of your passwords in your PC, pad or phone you will automatically GIVE your password when you login.
None of the authentic sites ask you to login via an email.
They ask you to login by the standard method.
These guys can clone the "look" of any site they want. They don't need to be super hi-tech.
NEVER, NEVER, NEVER click on a link inside an email and then login.
User avatar
kevsboredagain
Posts: 3207
Joined: Sat Jan 20, 2007 9:32 am
Location: France
Contact:

Re: GIVING IT ALL AWAY

Post by kevsboredagain »

costabravarent wrote: None of the authentic sites ask you to login via an email.
Yes they do. In fact most of them have a link which will take you to your dashboard via a login.
costa-brava
Posts: 689
Joined: Mon Sep 20, 2010 11:57 am
Location: costa brava spain
Contact:

Post by costa-brava »

Then name them and shame them, Kev.
Marks
Posts: 2930
Joined: Mon Nov 06, 2006 10:16 am
Location: Costa Blanca

Post by Marks »

Spain Holiday allows you to log in to your account from an enquiry email.

HomeAway enquiry emails have a big orange button that says "Respond in your dashboard".
Some guests just need a sympathetic pat. On the head. With a hammer.
Bunny
Posts: 3387
Joined: Wed Oct 16, 2013 8:48 pm
Location: South of England

Post by Bunny »

Marks wrote: HomeAway enquiry emails have a big orange button that says "Respond in your dashboard".
I do log in this way for speed, but only if I've had the sms text message too.
User avatar
kevsboredagain
Posts: 3207
Joined: Sat Jan 20, 2007 9:32 am
Location: France
Contact:

Post by kevsboredagain »

costabravarent wrote:Then name them and shame them, Kev.
Well for me that would be Airbnb, Flipkey, Holiday Lettings, Homeaway, Homelidays, Abritel, Housetrip, Ownersdirect, Spain Holiday.

I haven't found any that don't contain links in the email which would take you to their site and then require you to login.
e-richard
Posts: 5008
Joined: Sun Oct 17, 2004 11:33 am
Location: Algarve, Portugal
Contact:

Post by e-richard »

Think also about this:

If you "save your password" in your browser, then it saves the password associated with THAT website.

When you click on a link in an email that takes you to a "login screen", then if the login page is a phishing page - i.e. not the legitimate login, then your remembered password will not be pre-filled.

Its a big red warning to look carefully at the URL - the address at the top of the page.!


Mind you, this assumes you're careful when choosing to let the browser save your password.
** Richard
PIMS: Holiday Rental Management system
They say we learn from our mistakes. That makes me a genius !
costa-brava
Posts: 689
Joined: Mon Sep 20, 2010 11:57 am
Location: costa brava spain
Contact:

Post by costa-brava »

You're right folks. I thought I might provoke that response.The bulk of our friendly listing sites are leaving the side door wide open. You have named them. Doubt if you've shamed them.
I usually respond by clicking reply in Hotmail, bypassing the dashboard of the holidayletting site. If I want to respond via the site or to accept a booking I go in the front door.
So given all the problems of people stealing passwords, you must surely all agree with my Never-never suggestion.
If you always enter a site by the front door you are much less likely to be scammed.
I think it's important for all of us that the door is closed to the scammers. If you are in the habit of clicking on links you are W-I-D-E open to being clobbered.
You are, like I said, giving away your password each time. The only way to be sure is to open up the site in the toolbar and login. Of course it takes a few seconds more but would you seriously click on a link that said it was your bank?
Of course not so why do it on letting sites.
User avatar
kevsboredagain
Posts: 3207
Joined: Sat Jan 20, 2007 9:32 am
Location: France
Contact:

Post by kevsboredagain »

Hotmail for business use, now there's a security risk.

Unless you have a normal Email program setup to use the MIME protocol with your Hotmail account, it means you are going into your business Email account always using your web browser. This vastly increases the chances of your Email account being compromised due to a phishing attack.

Many of these providers now use 2-step verification but not all users will enable it and it does reduce the convenience.

I would put money on the fact that most "hacked" email accounts are due to users being tricked into revealing account details while using a web based interface.

I was contacted last week by the friend of a client who had had his Hotmail account hacked. He had lost several years worth of Emails as well as contacts and was asking if I could help. I couldn't of course.
costa-brava
Posts: 689
Joined: Mon Sep 20, 2010 11:57 am
Location: costa brava spain
Contact:

Post by costa-brava »

I'm not trying to be clever here so if you're trying just to be so geeky and clever I lie down and play dead!
It really is important that the average punter like me can find a way through all this guff to feel reasonably safe. Talking about MIME protocols is frankly for the birds. Get back down to earth.
Look at this post and see what the poor guy is saying.
viewtopic.php?t=25707
He's not alone. Is LMH just a private club for smartasses or do we try to help each other.
Scamming is the big enemy. I'm saying "never click on a link in an email and enter your password". Am I right? Or is it all about MIME protocols? Come on guys?
Essar
Posts: 3243
Joined: Sun Jun 12, 2011 5:24 pm
Location: Bournemouth
Contact:

Post by Essar »

costabravarent wrote:I'm not trying to be clever here so if you're trying just to be so geeky and clever I lie down and play dead!
It really is important that the average punter like me can find a way through all this guff to feel reasonably safe. Talking about MIME protocols is frankly for the birds. Get back down to earth.
Look at this post and see what the poor guy is saying.
viewtopic.php?t=25707
He's not alone. Is LMH just a private club for smartasses or do we try to help each other.
Scamming is the big enemy. I'm saying "never click on a link in an email and enter your password". Am I right? Or is it all about MIME protocols? Come on guys?
Hmmm - a bit harsh there CBR - Kevs helping in his usual way; a way that most of us really appreciate. You need to add some emoticons in your posts to give away your "tone". You come over as being a smartass!! :shock: :lol:
"Write something, even if it's just a suicide note"
"There is no human problem which could not be solved if people would simply do as I advise"
"As for my amnesia, I've had it as long as I can remember"
Real name: Steve
Gender: Male
User avatar
kevsboredagain
Posts: 3207
Joined: Sat Jan 20, 2007 9:32 am
Location: France
Contact:

Post by kevsboredagain »

Quite often I don't understand what people talk about in a forum but I don't jump up and down in a tantrum. The rest of the post should be understandable to any non technical person. I'm neither trying to be clever nor geeky but simply pointing out where the risks are.

Let me explain the same thing again but without the use of one particular word which seemed to cause so much distress.

When you log into any system online you are giving away your password. This is 100% correct. However, there are two ways you could log into a system.

1. You can do it yourself, manually typing at your keyboard
2. You could let a software program do it for you, either 100% automatically or semi automatically with a little nudge from a human.

1. Humans are well know for making mistakes and being tricked into doing things they never intended. You might know your password without writing it down but are you sure it's really the correct site that you are logging into today? What if it were a clone with a subtle difference in URL (URL=web address)? Would you notice?

2. A software program has to be programmed by the human at the start but will then repeat the exact same action again and again. You can't trick it into logging into the wrong site unless you reprogram it. Although still possible to change the program, the chances of it happening are so much smaller.

Which is most likely to go wrong? Which is the biggest security risk? Hackers do not guess your passwords, they steal them by tricking humans into giving them away. Lots of clever social tricks to make you lose your guard and give it away. Such tricks don't work on computer programs.
costa-brava
Posts: 689
Joined: Mon Sep 20, 2010 11:57 am
Location: costa brava spain
Contact:

Post by costa-brava »

Nobody's jumping up and down but I have absolutely not a scooby what you're talking about with MIME protocols.
Marks, on the other hand, talks about the "big orange button" that invites you to click on a link.
Simple people like me understand big orange buttons and if somebody says "don't click on it" we're into things that Joe Bloggs can understand.
I started this thread saying that we should not click on these juicy buttons. We should open the website that we want to be in via a route that we previously know to be secure. Then, and only then, we can login.
So to all you guys who are smarter than us in IT matters (absolutely firm in my seat, no jumping up. down or sideways) just answer my question.
Am I right? Should we avoid these login invitations that come through emails? I say don't put your password into anything that has come from a link in an email. If you do this you are giving away your password information without knowing who is receiving it. Am I right? Simple question.
User avatar
kevsboredagain
Posts: 3207
Joined: Sat Jan 20, 2007 9:32 am
Location: France
Contact:

Post by kevsboredagain »

Even typing in the website name and logging in has it's risks. People make mistakes when typing and hackers know this. It's quite common to see domains bought which will be landed on when you mistake a website address.

I could buy www.homeawy.co.uk, clone the front page and grab your login. Still feel safe?
zebedee
Posts: 1270
Joined: Fri Sep 12, 2014 2:57 pm
Location: yorkshire dales

Post by zebedee »

You have given me something to think about Kev.
I never save passwords on my computer, as I always thought that I was safer entering them every time I log on. (I am not on any of the big listing sites though).
Should I change my practice???
Post Reply