Just when I thought it was safe to rent another VRBO vacation home, I received a complaint from Brit Railston about a rental in Utah that went terribly wrong.
Now, to be clear, it is safe to rent from VRBO as long as you use a credit card. But please, folks, no wiring money. Ever.
I’m already in touch with VRBO about this case, which I’ll get to in a minute. Meanwhile, the question for you is: Given VRBO’s response, how hard should I push it to refund Railston’s $9,900. (Yeah, that’s a lot of money.)
The home in Park City, Utah, was meant for an extended family gathering in October.
“After some back and forth negotiation, we agreed on a price and were sent wiring and check-in instructions,” he says.
(Again, at the risk of repeating myself: no wiring money!)
Strangely enough, we never received the promised “welcome package” once the funds were sent.
After a few weeks I called the seller; he claimed to have never heard from us, and had no idea what I was talking about. After several follow up calls, I believe him.
VBRO denied all responsibility in the scam, and said the owners email must have been hacked. Yet the owner said he got legitimate property requests both the week before and after the alleged hack of his email.
At this point, it sounds like we’re out of luck.
VBRO isn’t being any help. It seems to me if VBRO knows its possible for negotiation to be phished from their site, yet they still support it via their site, they have some culpability.
Let’s go straight to the VRBO response. I think it’s illuminating.
You recently sent an inquiry for the property referenced above. First, thank you for using our site. Unfortunately, we have reason to believe that the owner or property manager may have unknowingly and inadvertently had their email account compromised.
What this means for you specifically is that there’s a chance someone other than the actual owner or manager for the property may have viewed your inquiry and contacted you. This issue is commonly referred to as internet phishing. When we learned of this potential issue, as a precaution to you our traveler and also to protect our vacation property owner we temporarily deactivated this listing. We are currently in the process of working closely with the owner or property manager to assist with revising their account with us and reinstating this listing.
How this impacts you:
*If you sent money to book this property, you should contact the owner or property manager by calling the phone number included at the top of this message. We recommend that you do not communicate with the owner via email until the listing has been reinstated.
*If you have not yet sent money but are still interested in booking this property, please wait to receive an additional notification from us that the listing has been reinstated with a revised account. At that time, you will be able to use our inquiry form to again contact the vacation rental owner or property manager. Also, be sure to follow the directions for paying safely found on your inquiry confirmation email and at our security center:
Please be advised that at this time, the rental property described in the listing is not eligible for participation in the Carefree Rental Guarantee program. If you have already purchased the Guarantee prior to this notice, please let us know.
HomeAway is working hard on HomeAway Secure Communication, a new system that will add heightened protection to correspondence between vacation rental owners, property managers, and travelers. Learn more here:
Please feel free to contact us should you have any questions.
VRBO representatives also told Railston by phone they couldn’t help him.
I contacted VRBO on his behalf and VRBO has agreed to review this case. I’m not entirely sure how productive any further involvement in a resolution would be.
VRBO doesn’t seem to like operating under the glare of the media spotlight, now more than ever. I imagine the Railston case is particularly embarrassing because it assured everyone the phishing problem was being addressed this spring. I haven’t had a phishing complaint in months.
Another fact worth noting: Railston tracked the IP address of the phisher to London, which is the location of the other phishing attacks. Wouldn’t it make sense for VRBO to contact law enforcement authorities in the U.K. to stop these criminals once and for all?
Clearly, they’ve figured out a way around VRBO’s current safeguards. Perhaps a police officer can be more persuasive?
The simplest solution, of course, is to ban all payment by wire on VRBO and its affiliated sites. Then travelers would be protected by their credit cards. End of story.
In the meantime: No. Wiring. Money.