Tania Rieben thought she’d scored a bargain on a one-bedroom condominium in Maui for spring break. She’d found the vacation rental through a popular Web site called VRBO.com and then negotiated directly with the owner.
But after she wired $4,300 for a six-week rental, the person claiming to represent the property stopped answering her e-mails, and she soon made a stunning discovery: The “owner” was actually a scam artist who had obtained the real owner’s e-mail password and assumed his identity.
“Now the money’s gone,” Rieben says. “And I don’t have a condo.”
Cases such as Rieben’s rental problem are crossing my desk with greater frequency. The crime against the Maui property owner is referred to as “phishing,” and it’s a large and growing problem. If you’ve ever received an e-mail from a friend who claims to have been robbed in London and needs a quick loan, then chances are you know someone who has been phished. There were 67,677 reported phishing attacks during the last half of 2010, up from 48,244 in the first half of the year, according to the latest Global Phishing Survey.
The crime against Rieben? Simple theft. Someone stole $4,300 from her. Worse, she claimed that initially, everyone else involved in the vacation rental transaction, including VRBO and representatives of the property, tried to slowly back away from her problem.
“The real property manager informed me that any e-mails, bookings or payments go through the company, not the owner, for all properties they represent,” she told me. “And VRBO is of course saying that there’s nothing they can do and that the e-mail probably was compromised on the owner’s end, not theirs.”
Doesn’t VRBO bear some responsibility? I asked Carl Shepherd, the co-founder of HomeAway, which owns VRBO, about phishing in general and Rieben’s situation specifically. The vacation rental company has had 352 secondary phishing incidents this year, only a fraction of which have directly affected its customers, he says. He added that customers who hold the site responsible for phishing attacks don’t understand how VRBO works.
“They’re not renting from VRBO,” he says. Instead, they are being connected to one of 625,000 property owners through the site. VRBO is simply the middleman in the transaction, and it can’t control how the owners do business. He said the site encourages them to use a secure system called Reservation Manager, which ensures that the money goes to the right person, but can’t force them to do so.
Rieben’s case is complicated by the fact that she had communicated with the real property manager as well as the fake owner, according to VRBO. The property manager, who had advertised on VRBO, had raised some red flags when Rieben told her that she’d communicated with the “owner” and had been offered a $4,300 rate during high season, which is an excellent, if not unheard of, rate.
But VRBO also leaves its customers with the impression that they’re renting from a safe place while they’re on vacation. It offers an optional insurance policy called the “Carefree Rental Guarantee” that protects against misrepresentation, foreclosure or double-booking. Some customers also say the site gives them an overall impression that they are more protected when they’re dealing with VRBO as opposed to renting a vacation space found through an Internet search or an online classified site such as Craigslist.