Cottage Owners: Beware of the latest phishing scam

Over the past couple of years most cottage owners have become familiar with over payment scams (if you haven’t then please read our article to find out more). However, phishing scams also seem to be increasing in number and improving in technique, so we wanted to provide you with some information on common scenarios which should hopefully prevent you getting caught.

How phishing scams work

The primary aim of a phishing scam is to obtain access to personal information such as passwords and userids or credit card information. Once gained, a scammer will then have access to sensitive areas such as a victims webmail account or even bank account and be able to use their identity.

The real-life scenarios below will help to explain how scammers work in the holiday rental market along with providing key tips to help you spot a scam. However, firstly let us highlight the key ‘takeaway’ from this article: never click a link that someone has sent you in an email unless you are 100% sure it is safe and from a genuine person. 

So let’s look at some common scenarios…

Scenario 1: The most recent phishing scam is purporting to be from Independent Cottages requesting the owner reactivates their account due to unusual activity.

As you will see, there is a link on the email which ‘looks’ like it will take you through to the owners login area of our site. Should you click on this link (obviously don’t!), it will take you to a screen that replicates our owners login screen and will then capture your login userid and password should you enter it (if you have done this, we strongly urge you to change your password on our site ASAP and please make the new password completely different to the original one).

Scenario 2: A scammer asking for confirmation of your property location on a map.

This one has been doing the rounds since 2015 and the scammer poses as a potential enquirer, asking for confirmation of the properties exact location on a map. The initial enquiry may look fairly genuine at first glance with the scammer asking questions such as: “Hi can you tell me if your property is available on the above dates? Also is there wifi at the property? Is there a local shop/bar within walking distance? Thank you”. Upon closer investigation, you will often find that any telephone number given is invalid.

The second communication is when most owners become suspicious as the rogue ‘enquirer’ will create a scenario which encourages the cottage owner to click a link they have placed within the email.  For example:

“Hello again!

Thank you. We would like to go ahead with the booking of your property for these dates (which are flexible depending on fligts) but please let me know where exactly is it located.
Is it within walking distance to amenities or do we need a rental car.
We ve been checking the map on the website, could you please confirm that the following link on Google Maps shows the correct location of your house? Is it the one on the left or the one on the right side of the image?
Would you please advise us on how to proceed?
Kindest Regards,

Sent from my iPhone
https://www.google.co.uk/maps/place/England/@52.8379502,-2.3247583,6z……….”

This is another scenario that this particular scammer has used in follow-up communication:

“Hi, I am glad that is available.
Please find attached the Enquiry Form our passports and our reguests, (our full names – persons, address, phone number contact, email address and the period that interests us. We have put flexible dates, just let us know wich one is available.
After you complete with our dates i will make payment straight away.
Kindest Regards,
Sent from my iPhone”

As you can see in the cases above, the grammar used is poor. Up until recently this has been a giveaway sign for a scammer. However, as things evolve, things improve and so has the scammers use of English!

Scenario 3: Another particularly cheeky one! An email arriving that states it is an enquiry from Independent Cottages (or another advertising website).

This is what an email looked like that came across one of our owners screens. Thankfully she realised it was not in the usual format of our enquiries and had the good sense to not click the ‘display message’ button. Our enquiries never require you to click a button to view details so if one arrives that requests you do so, delete the message and please do not click it! Genuine enquiries sent to you via Independent Cottages can always be found in the owners area by clicking the ‘enquiry/booking management’ option.  

Scenario 4: A scammer asking for permission to publish photos of your property in a lifestyle magazine.

“Hello,

First of all I want to thank you for a wonderful time we had at your property this summer, I was invited by a group of friends to stay a couple of days with them at your beautiful home. I am a professional photographer working for a lifestyle magazine called Houses and I took the permission to take a couple of pictures. I would kindly like to ask for your permission to publish them in our magazine and I have attached them in the following Dropbox folder for you to view them. Also it would be much appreciate if you can forward your mobile phone number so I would publish it also in the magazine.

Regards Terry Martins, Houses Magazine”

As already mentioned, the aim of a phishing scammer is to get you to click the link they provide in their communication and when you do, it is likely to take you to a fake log-in page. In this example the scammer set the page up to look like Gmail and Yahoo login pages. Many owners will not fall for this but it can catch an owner out if they have a webmail account with the same webmail provider. If you briefly drop your guard and enter your login details (account name and password), the scammer will then have a record of them and be able to login to your webmail account and wreak havoc (possibly without you even knowing). Make sure you keep your personal details as safe and secure as possible. Our article on mitigating on-line fraud risks has some good tips to help you.

As time goes on, scams are becoming more clever and plausible so make sure you are not the next cottage owner to get caught!

Scenario 5: A scammer claiming to have stayed with you last year, wanting to rebook.

This scammer has been sending out lots of emails to cottage owners (first reported to us July 2018). An example of his email is below and the email has an attachment which states it is a booking form and looks like a word doc. However,  when you click it, it takes you to a screen which gives the appearance of a Google Drive page.

“Good morning,

We had a lovely time at your property last year and I was wondering if is available for 2019 same period. I have attached last year booking form with all the details. We will be the same number of people and let me know if the price has changed since I am ready to transfer the funds to book it.

Kind regards

Andrew”

We are guessing that if you click the link provided, you will be taken to a site that will look like Google Drive and will harvest your userid and password if you have entered it. Do not click the attachment!

Scenario 6: A scammer claiming to be a professional photographer working for a lifestyle magazine, wanting to do a photo shoot at your property.

This time ‘Terry Martins’ claims to be a professional photographer working for a lifestyle magazine called ‘Unique Homes’. This is what he had to say:

“Hello and good day,

I am a professional photographer working for a lifestyle magazine called Unique Homes. We are wondering if you have 2 days availability in September for a photo shoot of your property.

I have attached to OneDrive some of our covers and pictures with the properties we featured in our magazine for you to view my work.

We will also advertise your property in our magazine and please let us know your phone number to include in the pictures description.

Many thanks in advance for all your help.

Regards

Terry Martins
Photographer
Unique Homes
+44 (0) 755234… “

Scenario 7: This phishing scam was received via email by one of our owners stating it was a ‘Refund Confirmation’ for an online payment supposedly made to ourselves!

It does look fairly authentic (although not the type of email we would ever send) and could easily catch owners out, so please be cautious of communication emails and if ever in any doubt, contact us for clarification.

Tips to help holiday home owners spot and avoid scammers:

• Pay attention to the grammar used in communications and be cautious of emails containing grammatical errors (although this can be the case for genuine foreign holiday makers).
• Never click on links unless you are confident they are genuine and you know who has sent them.
• Don’t just click on the link –  check it first. If you hover your mouse over a link (without clicking on it!), you will see the true website identity.  As you will see from this example, they have used our company name but it is not our website URL.
• We have a golden rule – ‘if something is too good to be true, it usually is’! If a potential holiday maker is overly flexible (with dates, prices etc), or someone is offering you something that seems amazing, be cautious.
• Be cautious if an enquirer responds under different names – scammers often forget which name they are using and respond back using a different one.
• If you are concerned about the authenticity of an enquirer, request a phone number and try to speak to them in person – scammers are highly unlikely to speak to you! The same rule applies if the email appears to be from a company. Pick the phone up and phone the company (and make sure you phone the number listed on the companies official website and not one provided in an email!).

Scammers are getting smarter and their techniques are continually improving and becoming more plausible. Stress aside, financial consequences can be devastating, as is the case for this vishing scam that has cost cottage owners thousands. Please take a moment to have a read – make sure you are not the next person to get caught out and spread the word to others in the holiday rental industry.