Vacation rental scams are a growing problem By Christopher Elliott | November 5, 2011 Tania Rieben thought she’d scored a bargain on a one-bedroom condominium in Maui for spring break. She’d found the vacation rental through a popular Web site called VRBO.com and then negotiated directly with the owner. But after she wired $4,300 for a six-week rental, the person claiming to represent the property stopped answering her e-mails, and she soon made a stunning discovery: The “owner” was actually a scam artist who had obtained the real owner’s e-mail password and assumed his identity. “Now the money’s gone,” Rieben says. “And I don’t have a condo.” Cases such as Rieben’s rental problem are crossing my desk with greater frequency. The crime against the Maui property owner is referred to as “phishing,” and it’s a large and growing problem. If you’ve ever received an e-mail from a friend who claims to have been robbed in London and needs a quick loan, then chances are you know someone who has been phished. There were 67,677 reported phishing attacks during the last half of 2010, up from 48,244 in the first half of the year, according to the latest Global Phishing Survey. The crime against Rieben? Simple theft. Someone stole $4,300 from her. Worse, she claimed that initially, everyone else involved in the vacation rental transaction, including VRBO and representatives of the property, tried to slowly back away from her problem. “The real property manager informed me that any e-mails, bookings or payments go through the company, not the owner, for all properties they represent,” she told me. “And VRBO is of course saying that there’s nothing they can do and that the e-mail probably was compromised on the owner’s end, not theirs.” Doesn’t VRBO bear some responsibility? I asked Carl Shepherd, the co-founder of HomeAway, which owns VRBO, about phishing in general and Rieben’s situation specifically. The vacation rental company has had 352 secondary phishing incidents this year, only a fraction of which have directly affected its customers, he says. He added that customers who hold the site responsible for phishing attacks don’t understand how VRBO works. “They’re not renting from VRBO,” he says. Instead, they are being connected to one of 625,000 property owners through the site. VRBO is simply the middleman in the transaction, and it can’t control how the owners do business. He said the site encourages them to use a secure system called Reservation Manager, which ensures that the money goes to the right person, but can’t force them to do so. Rieben’s case is complicated by the fact that she had communicated with the real property manager as well as the fake owner, according to VRBO. The property manager, who had advertised on VRBO, had raised some red flags when Rieben told her that she’d communicated with the “owner” and had been offered a $4,300 rate during high season, which is an excellent, if not unheard of, rate. But VRBO also leaves its customers with the impression that they’re renting from a safe place while they’re on vacation. It offers an optional insurance policy called the “Carefree Rental Guarantee” that protects against misrepresentation, foreclosure or double-booking. Some customers also say the site gives them an overall impression that they are more protected when they’re dealing with VRBO as opposed to renting a vacation space found through an Internet search or an online classified site such as Craigslist. I mention this because I recently tried to help another VRBO customer named Amy Hutt, who had booked a rental in Bali for this fall. At least that’s what she thought. Her story is almost identical to Rieben’s; she believed that she was dealing with the owner right up until she wired her $2,000. Then the “owner” disappeared, along with Hutt’s money. Hutt says that she had misgivings about wiring money to Bali but that when she expressed them, the scammer had a ready answer. Wiring the money, the phisher asserted, was her only option because it was a last-minute reservation. Even though Hutt had bought the “Care Free Guarantee,” a VRBO representative said that it didn’t cover phishing attacks. So the criminals got to keep her money. But after I asked about her case, VRBO contacted the property owner, who agreed to let Hutt vacation at their property. VRBO’s standard operating procedure in a phishing incident is to suspend the advertisers’ listings until they offer travelers restitution. As I write this, it is hammering out a deal between Rieben and the condo owner in Maui that would give her a $4,300 credit. That would be a happy ending for Rieben, and I sincerely hope that they can work something out. But the best way to guarantee a great vacation would be to follow one simple rule: Never, ever wire money. Once you hit “send,” it’s as good as gone. VRBO, for its part, hopes that despite the phishing attacks, people will still recognize it as one of the best places to find a rental home for a vacation. “We are the safest vacation rental site,” asserts Shepherd, claiming that “99.9 percent of our rentals are free of fraud. And we are constantly looking for ways to improve.” Christopher ElliottChristopher Elliott is an author, journalist and consumer advocate. You can read more about him on his personal website or contact him at firstname.lastname@example.org. Got a question or comment? You can post it on the new forum.More Posts - Website - Twitter - Facebook - LinkedIn - Google Plus Absherlock Perhaps what need to happen is that the money is held by the middleman until it can be verified that both the renter and the rentee are legitimate. Z44212 Criminals are responsible for crimes – no one else. This type of brokerage site would be better to follow the example of the popular auction sites, to protect their customers. Otherwise they will find themselves without. Tony A. Simple solution. Never WIRE money to pay. Maybe VRBO should adopt this policy. Kovsky I had an excellent experience with VRBO in Hawaii a few years ago. I did my homework though and contacted the owner (in the US). I think a little more diligence on the renter’s part would have helped Bill Although I don’t think VBRO should be responsible, they should (if they don’t already have) information about phishing as well as advice not to wire money under any circumstances. Alan I’m an IT man. If this person reached the scammer by clicking on VRBO’s site, it’s definitely their fault. But what happens in most cases is that she signs up for an “account” on VRBO, starts getting e-mail advertising from the site, and eventually clicks through one of the e-mails to reserve a condo. Instead of a spam from the site, it turns out to be a phish imitating the site, and she’s beaming her vacation deposit to Nigeria. Carver I couldn’t vote. It really depends on the representations and impressions that a reasonable traveler would get from using the website. For example VRBO should have a list of admonitions for users of its site. The top admonition being that Western Union is never, ever, ever to be used with a VRBO transaction. Perhaps further that owners agree never to transact business via Western Union. dsddd Absherlock I don’t think that the extra cost of a middleman is necessary as long as buyers use a few small precautions. Specifically, all payments need to be made via credit card . S363 I’ve done a number of rentals through VRBO, with only one problem, not of this nature and not of their fault. (It involved an owner blaming us for damage we didn’t do, but I won the credit card dispute when he tried to charge me.) I have sent checks, but only after extensive checking to see that the recipient was legitimate. VRBO needs to do something to make sure customers know they are safe or its business is in jeopardy. They should require the use of credit cards or act as escrow agent. BrianPVD “…the site encourages them to use a secure system called Reservation Manager, which ensures that the money goes to the right person, but can’t force them to do so.” Of course they can! In order to protect the integrity of the site and protect both renters and owners, they can set up whatever terms they like as a condition of advertising on their site. With more than one case of phishing and losses in the thousands of dollars, it certainly makes me less likely to use this site. At the very least, they should offer prominent disclosures of how the site works, codes of conduct, and methods of (rapidly) confirming that the person they are corresponding with is the actual owner. sirwired If I was VRBO, I would: 1) Only allow communication between parties through VRBO’s systems. Place ample warning not to communicate through regular e-mail. 2) When forwarding any message from an “owner” to a renter, put in big, bold, red, type. DO NOT WIRE MONEY FOR ANY TRANSACTION! TO DO SO PUTS YOU AT HIGH RISK FOR FRAUD! 3) Provide an escrow service that takes the funds from the renter and holds them until one day after the rental period starts. http://www.pipdigital.com Nancy Dickinson It would be easy for the actual owner to be the scammer and take a lot of people’s money. I agree with Absherlock, the money needs to be held elsewhere until everyone is sure they are dealing with the correct person. Alternatively, perhaps they should develop a deposit program? Who pays for a 6 week rental in advance? Sounds to me as though consumers need to stop using VRBO until this is addressed. These rental owners have security issues and until it starts affecting THEM, they don’t care. Vote with your feet, people. Vote with your feet! JennieW Welcome to the VBRO experience. Even if there is a .1% chance of my getting scammed it’s not worth using them. Carver I don’t see a need for an escrow service is you pay via credit card. Otherwise I agree with you. Carver I have to strongly disagree. Is it possible for an owner to be a scammer. Sure, by posting fake, outdated pictures, etc. But the odds of an owner being straight up criminal, e.g. taking the money and disappearing is infinitesimally small. Unlike the phishers, we know the owners name, address, etc. The owners cannot hide behind anonymity, unlike the scammers Mark K I thought the entire reason for using a service such as VRBO was that they act as a middleman and escrow agent to prevent issues like this from occurring? While I am sure that if the rental owner uses the “Reservation Manager” product VRBO takes a cut of the money, at least both parties have a higher degree of assurance that both are legitimate and neither will lose out. If that cut is too high, I can see the desire of the owner to bypass that system. It would mean more money in the owners’ pockets and possibly lower prices to the renters. But then this makes the entire process just as risky as picking a random property out of a newspaper ad. After hearing about so many of these issues, I am almost convinced that it might be some of the actual owners trying these scams on the renters and then claiming their email was compromised. What is there for them to lose? They scam a few potential renters, keep the money, and claim they know nothing, change their email address to make VRBO happy, and repeat after a sufficient period of time. If they get a few renters who are legitimate during the process who give them a glowing review, so much the better. Durant Imboden The “Reservation Manager” idea is interesting, but there are a couple of simple precautions that renters can use to avoid problems if the landlord isn’t using that service: (1) Rent from landlords who have a track record with the listing site, or (2) Rent through an agency–one with a track record and reputation–as opposed to a listing site. For what it’s worth, my wife and I have rented many apartments in Europe–some through llocal tourist-office listings, some through agencies, and some via HomeAway–with no problems whatsoever. LeeAnneClark Having spent years working as a volunteer to assist “419” scam victims (419 is the Nigerian criminal code for internet scams), I am very familiar with this scam. The vast majority of these scammers are in West Africa, with a smattering in South Africa, Europe & Asia. Anybody doing any type of transaction on the internet needs to educate themselves about 419 scams (also known as “advance fee fraud”). This link provides a wealth of information about the many types of internet scams: http://www.scamwarners.com/ The most basic rule to avoid internet scams is this: NEVER NEVER NEVER wire money to someone you don’t know personally! That is it in a nutshell. If you avoid doing that, you have done 99.9% of what’s necessary to never get victimized by a scammer. Simple as that. No one should EVER use Western Union, Money Gram, or any other money-wiring service to send money to someone they haven’t met. In fact the rule should be: never wire money to anyone who doesn’t share your last name. And you should be ON THE PHONE with the person while you’re doing it (to avoid sending money to a scammer who is pretending to be someone you know). No legitimate business transaction should ever take place using money-wiring. There is no way to stop the scammers, so don’t expect laws or governments to do anything about it. Most of them are sitting in sweaty, fly-riddled “internet cafes” in Nigeria or or Ghana, sending literally millions of scam emails out every single day alongside dozens of their co-horts. If even one email a month fools some shmuck into wiring them money, they’ve made enough to live like royalty. Don’t be that one. Educate yourself. As for who’s at fault here, it’s everyone. VRBO should do more to educate their customers AND the property owners. They should enforce using Reservation Manager (and why can’t they?). Customers should educate themselves about the risks of doing business with strangers over the internet, and learn what not to do (wire money…EVER). Property owners should bite the bullet and ONLY do business using a secure system such as Reservation Manager – and they need to be more secure about their emails. No scammer would ever get into one of their emails if they didn’t either use stupid, unsafe passwords, or fall for phishing schemes which hand their passwords right into the hands of scammers. If nobody did anything dumb, nobody would get scammed. $16635417 “We are the safest vacation rental site,” asserts Shepherd, claiming that “99.9 percent of our rentals are free of fraud. And we are constantly looking for ways to improve.” Their new slogan? “VRBO-We’re almost fraud free!” Eric I have a few comments. $4300 for a six week rental? That alone should have raised a red flag. And she communicated with the property manager at the condo complex who raised red flags. And you never, ever wire money to someone you don’t know. And even then, double check with the person to be sure their e-mail account wasn’t hacked. In this case, the OP is extremely lucky. She’ll get some sort of credit she can maybe use during the low season, which is better than nothing. EHamill We’ve rented several places through Homeaway.com and VRBO and for all of them an initial deposit was required (either by credit card or check) and then we were not billed/paid until we had checked into the property. So, it worked similarly to a hotel/motel. y_p_w I’m rather unclear on how the money was wired. Was it wired to a US bank account? In that case I would think it could be traced to the owner with a fraud report and a court order. If it was Western Union, then I’d be very, very cautious. Still – doesn’t the name of the recipient need to be given? I haven’t really been personally involved in wiring money, but I did once work at a company with lots of vendors with invoiced to be paid. Occasionally there was a rush case where we would use a wire-transfer, but it was always to a bank account. Lindaj I have used VRBO several times for European locations without problems. However, I also am extremely careful about the money transfers. I research the owners myself in order for this to not happen. I realize that no matter how careful your are something can always happen. When you can always pay with a credit card. Lindaj Good idea but this will only add to the cost of the rental since the owner will have to pay for this service. http://www.pinehollowlodging.com/ Jason Frome Unfortunately, these scams are becoming more popular. Is it the listing site’s fault that they were phished? Or the property owner’s fault? Or the scammer who phished the site. As I see it, the laws need to change to deter scammers and the technology needed to catch them needs to improve… and quickly. As the saying goes, the best defense is a strong offense. The first thing renters need to know is to never pay in a way that they’re not protected like wiring money or sending a money order and certainly never cash. Once that money is out of your account, there is little or no recourse. Pay by methods that offer you some protection if you are scammed. Generally speaking, credit cards offer a very good level of safety. Some cards are better than others, but most will protect you against fraudulent charges and void the charge once you’ve proven it’s a fraud. PayPal is very good also. Most management companies are reliable, but they are not as frequently found on listing sites (like HomeAway, VRBO, etc) as individual owners are, unfortunately. Craigslist has changed significantly over the last five years or so. We won’t even post our properties there any more due to the amount of spam WE received and there have been many stories found on line and in the Vacation Rental chat rooms about CL based scams and phishing. So we avoid them totally now. Knowledge is power. Do as much research as possible. And contact the owner numerous times through various methods; phone, email, etc. In New York, we must be licensed real estate agents to manage more than one property that we don’t own. So we’re easy to check out for legitimacy. Individual owners are not as easy. But at least, google them and the house address. Then never pay cash (like wire transfer). LeeAnneClark When you “wire” money, it is not to a bank account, but to a person’s name, using an “MTCN” (money transfer control number) as the key. You go to Western Union or Money Gram, send the money to John Smith, and they give you an MTCN. You then email the MTCN to the recipient, who goes to any Western Union in the world to pick it up. As long as the person has the MTCN, they can pick up the money – even if they don’t have an ID with the name on it (although they are supposed to). In foreign countries like Nigeria & Ghana, the Western Union offices are not very particular about making people show ID…as long as they show up there with a valid MTCN that has money attached to it and say they are John Smith, they get the money. Once they pick up the money, they are gone – off into the wind, with your money. There is no way to trace it. The scammer is usually a con artist with no “official” identity – just a scumbag criminal living in some lost village in Nigeria, who spends his days at an internet cafe in Lagos using any means he can to convince Westerners to send him a valid MTCN number for any amount of money. Transferring money to a bank account is something entirely different – but that is not necessarily safe either. Once the recipient receives the money in their bank account, they can easily close the account and POOF – off THEY go into the wind. If the person is in a country such as Nigeria, you’ll never be able to get the bank or law enforcement to find that person. Wiring money to strangers is NEVER a good idea…period. Carver I think a better question is what is there for the owners to gain. Unless they happen be extremely lucky and double book the same week, it is unlikely its the owners who are the scammers Sharonmargret What about using Paypal? Candice806 I couldn’t vote and I agree with Alan that if the renter “buys” a vacation via clicking through an email link which looks like it comes from VRBO, but was really hacked, then you can’t hold VRBO responsible. (although I do think that the right thing to do is for VRBO and the renter to helped the scammed person, and come up with a reasonable deal.) However, if I were interested in renting one of their properties and got an email with a place I liked, I would never click through the email link. I would log into VRBO’s site and look for that property there. If the same scam happened from booking on VRBO’s site, then in my opinion VRBO needs to be held accountable and make things right. Also, as far as insurance, I’ve never booked a rental vacation property, however, like with a cruise ship, I never buy insurance through the cruiseline, or vacation seller, I buy it from an independant insurance company that sells vacation insurance. It’s always a better bet. S E Tammela I voted no. It would be nice to hold VRBO responsible, but these two stories (and others on other sites) have been a bit unfair. Phishing is essentially people getting hacked and scammed. It’s beyond VRBO’s control. It would be exactly the same if you won an eBay auction and some jerk got into the seller’s email and convinced you to skip PayPal and wire it instead. Incredibly sad but not eBay or PayPal’s fault. In the end it is the buyer’s responsibility to use due care when it comes to sending money. Even if this seems like an unfair thing to expect of buyers who aren’t very experienced on computers. Sending money by wire is NEVER a safe thing to do, no matter what someone tells you. Pick a safer option or turn away. It’s not a bargain if your money goes bye-bye. S E Tammela I used a similar site with no problems. It introduced me to the owner, with whom I spoke on the phone, and then I made payment by my credit card. Protected by my bank, no problem. VRBO could certainly be just as simple and safe. Sadly there are too many people who don’t understand the risks of sending money by wire. http://www.pipdigital.com Nancy Dickinson I’m not sure even Paypal could do anything about this. But, I have to admit, I only use Paypal for the most simple of transactions such as receiving money from members of my high school class or sending money to one of my kids. tomRI VRBO should let the renter only pay via their site and thus they would collect the payment and then remit to the REAL owner. VRBO could then take a $25 processing fee and they could also tax credit cards which would protect BOTH parties. But VRBO does not want to do this because they do not want to get into the finances. FTL Vacation Rental NEVER wire the full amount. That’s just crazy. Use a credit card. That way, at least you are insured (sort of). Make sure you do your homework before you pay any amount. Are you renting from a company? Or a person? Do you have the address so you can Google map it? Vacation Rentals are definitely a great value, but you need to do your homework. We don’t like using a “Middle Man” when renting out our vacation rentals. Clients deal with us directly. When visiting Fort Lauderdale, consider staying with us, FTL Vacation Rental. Check out our website at http: //FTLVacationRental.com or look for us on Facebook Geoff If theft occurs outside of the company, how can they be held resposible. I guess that Elliott.org should therefore pay the damages, because he reported on the matter, giving somebody else the idea. As grandma used to say, POSH. Sharkman People should really know better than to wire money. I don’t think that the owners can be held liable either because their account was effectively hacked. It really doesn’t make sense to talk about what VRBO will do about it because they won’t. VRBO’s actions in terms of pressing an owner to offer restitution is suspect given the owner didn’t do anything wrong and is now going to shoulder some of the loss. In this case, VRBO is totally passing the buck Martin I’ve had excellent experiences with VRBO and similar sites. Charles B and yet you’re still using the internet. Durant Imboden Just out of curiosity, does anyone here know what percentage or fee the owner has to pay for using VRBO’s “Reservation Manager” escrow option? http://www.thetravellingfool.com Thetravellingfool I have rented vacation condos before that I have found on various sites. I have never rented blind from the internet though. I usually book a 1-2 day hotel room, stay there, and make arrangements to see the rental.Then I pay directly to the landlord or his representative after seeing the place. I figure if they have the keys then it should be okay. Sometimes the rental I am looking for is gone but usually there are others just as good. Drtoy This is a terrible situation that preys on people. Craigs list has had a lot of these scam artists posting places for rent in NYC as i found out last year. Sorting them out gets to be dicey and challenging. Beware of anyone who wants money but provides little or no information and no address, phone and reference. Charlie Non existent or existent but illegal vacation rentals are popular in places like NYC and people fall for the low prices for mansions. It looks too good to be true…but maybe just maybe they have won the one bargain in town this time. We had these problems in Virginia Beach and Williamsburg, Va. In Wmsbg a woman was renting homes…but actually all over the world…and was caught and prosecuted. She really messed up people who would arrive with no accommodations to be had. In VB I have checked some beautiful homes for people only to find perhaps they did exist but not with a pool as stated..and who knows what else was not true; or the house existed but ahem was owned and occupied by someone already with no thought of renting it out. So one thing that can be done is to check travel forums and communicate with locals, asking them if the place really exists, etc. Places like tripadvisor’s travel forum by state, for example. http://twitter.com/TravellerBase TravellerBase.Net wouldn’t be good to make the payment only available through VBRO, Ithink that wiil protect the customers VRBO Owner We have posted our vacation rental property for 11 years on VRBO. You only see two large scam situations here. BOTH involved money being wired. I don’t know any legitimate owner that would ask for money to be wired. We have many many people try to scam us, however we stay informed and quickly spot them. Please don’t be turned off by these two situations were the buyer engaged in a transaction (wiring money) that has been proven to be the preferred method for scamers. VRBO stands for Vacation Rental by Owner. We are able to offer a quality property at a low price because we do all the work ourselves, no middle man or property rental company. Nora Popowitz My VRBO nightmare was not a scam, but an ethically-challenged homeowner, who decided not to plow the approach road nor the long driveway to his Yosemite A-frame. Even pre-paying my reservation by American Express didn’t help. American Express declined my charge-back twice, based on the rental contact skewed in favor of the homeowner. In addition to phishing and scams, worry about homeowners! Based on my family’s miserable VRBO.com experience, here is what can go wrong:~ Rental contracts skewed to the homeowner~ Pre-paid~ NON-refundable, even in the event of an “adverse condition” of the property~ Often no local professional property manager to solve “adverse conditions”~ “Adverse conditions,” where YOU, as the renter, paid in full and arrived, but the home was inaccessible (unplowed snow, landslide, bridge out, etc) OR the home was unsanitary (rats, roaches, unclean). These scenarios will NOT be covered by the VRBO.com insurance, the homeowner may chose to NOT give you a refund, and your credit card may DISALLOW a credit b/c of the tight contract that you signed. “Nonrefundable” contracts are, yes, nonrefundable.~ In the end, VRBO.com may not allow you to write a truthful review of your experience with your unethical homeowner, b/c you didn’t actually get to STAY in the property that you couldn’t access. So you can’t even warn other consumers, except in venues like this one. http://twitter.com/DepositGuard DepositGuard not if using DepositGuard mendocinolover We got a personal experience and its blogged here http://blogs.zaranga.com/2012/06/23/personal-experience-craig-list-vacation-rental-scam/ Smitha Atleast what they could do is make the booking and then take the card identity make it payable at the couter when the client reaches the place and checks out. That would be on of the safest options. jackkessler Even before fighting over who ought to take the loss, the best thing for VRBO landlords to do is reduce the risk of future loss. Several email providers, including Gmail, provide high security logins. Before one can log in to a secured email account one needs not only the password but also a six digit code which is sent to the legitimate user’s cellphone upon anyone attempting to log in from a computer that is not authenticated as trusted. That means that the scammer must steal both the user’s password AND her cellphone to get into the email account. Which is very hard to do from Bucharest where the MF’s who hacked my email account and cost me a summer’s rentals were. Also take seriously VRBO security department’s recommendation to create a separate email account used only for VRBO correspondence. That greatly reduces the likelihood your password will be stolen in the first place. And don’t be an idiot like I was. Use different passwords for your regular email account and for your dedicated VRBO email account.