It CAN happen to you.
Irony, it strikes when you least expect it. I’m not a fan of irony; I like things to turn out as they are expected to. Which is probably one of the reasons why I’m so analytical, and careful. The irony of the subject of this post is that I am a social media security consultant, and I got caught in an Internet scam. I would like to think this is the Universe using me as a conduit to warn everyone else out there that these nefarious scumbags are out there, and what they are up to. But it’s not; it’s just my own stupidity, and failure to listen to my instincts, which are never wrong. But, a positive outcome of the whole debacle is that I do get to warn you all about the bottom-dwellers out there on the Internet who formulate these clever and professionally set up deceptions.
Let me start with setting the scene for this drama, which is important, because these scammers often operate in areas where transactional decisions are subjective, and we are less likely to have our guards up. Places like eBay and other auction sites, car sales sites, dating sites, real estate sites, and accommodation and holiday rental sites, which is the place where my hard earned Euros met their dishonest fate.
I live in Paris and was searching for a destination to spend my August holidays. Paris in August is depressing if you live here. Most of the French leave to go on holidays and the city becomes the hot, dusty domain of tourists. Many of the local businesses are closed and the city loses a little bit of its ‘Frenchness’.
I decided on Corsica (or ‘la Corse’ as the French know it), and started looking for a cute little holiday house that I could invite all my friends to. I was very excited about the prospect, as it would enable me to say thank you to all the wonderful people who had opened their homes, boats, and holiday houses to me over the years.
My prospecting began by asking many of my French friends for advice on where to stay on Corsica, if they knew of anyone with a house to rent, or where to go to start looking. I was soon to discover that trying to find a house on Corsica for the month of August was like trying to find a house in Byron Bay for the Christmas/New Year period, nigh on impossible!
I eventually stumbled upon the holiday-house letting site HolidayLettings.co.uk. I did my research and established that this was a reputable site, backed up by TripAdvisor. I found several houses that fitted my criteria, one of which I was very excited about. I sent off my availability enquiry via the listing on the site and waited eagerly, hoping it would be available for my dates. Here is the danger point, the point at which we stop being objective about a purchase and become subjective. I was already dreaming about the long, hot lazy days around the pool, BBQs in the evening, and trips to the beach. My guard was down.
Nice huh? You can see why I was excited.
I did note that even though the listing stated that this owner had been with the site for 3 years, that there were no telephone numbers for the owner of the property, nor were there any reviews for the property. I put the no phone numbers down to privacy, expecting they would come once I made contact with the owner. The fact that there were no reviews didn’t bother me (enough).
I received an email from HolidayLettings.co.uk saying my enquiry had been sent to the owner of the property. The email did include some advice about conducting transactions via their site, but to my discredit, I didn’t pay much attention to them. This is the false sense of security that a large, reputable site offers, which is why Internet crooks love them.
It wasn’t long before I received an email from the owner of the house. There was nothing suspicious about it, and it clearly showed that my enquiry had been passed to the owner from the HolidayLettings.co.uk site. The email included the same graphic showing my booking enquiry as the one I had received from the actual site, and a snippet of the text of the email. The email was addressed directly, by name, to me. And the email was signed with the same name as the one on the listing on the site. The address that the email was sent from did look a little bit strange, but I shrugged it off, these Euros are always spelling our English words in funny ways.
The offer included in the email (“If you choose to book now, you will be eligible a 10% discount for full payment in advance. Our regular payment terms, 50% in advance and 50% at check in”) also seemed a bit suspect, and I did take note, but I rationalized that they probably have many people who enquire about these hard to find properties, many of which are owner occupied, except for the summer, and that they are eager to lock down a renter and avoid being left with an unrented house for the summer.
Somewhere, off in the distance, beyond my earshot, tiny little warning bells were beginning to sound, but I didn’t hear them over the roaring summer anthem that I was currently listening to.
After replying to the owner’s email confirming dates and requesting payment details, I received a reply that really should have made me pay attention. In the email, the owner said that they only accepted bank transfers. Usually, with these types of transactions, it’s much safer to use a credit card. My rationalization? They were not a business; just a person letting their house for the holidays and they probably preferred cash for ‘tax’ purposes. And anyway, a bank transfer is safe, right? Ha! They also requested details from me that you would expect to be asked for in this type of transaction. It requested address, telephone numbers, number of people who will be using the house, but nothing suspicious.
The next email I received from the owner included PDF files of an “official” rental agreement and refund letter. Both documents were printed with the HolidayLettings header and footer, the rental agreement was signed by the owner, and contained bank details for a Lloyds bank in England. This was another well thought out ploy by the evil scammers. A well known English bank account is not going to raise the alarm like say, an obscure Nigerian one would.
Again, there were several things about this email that should have set the “don’t do it Stupid!” sirens ringing. The owner was quite pushy about receiving the money within 72 hours, stating that my booking was not secured until the money was received and acknowledged by the owner’s accountant. They also stated that until the money was received the price was subject to change.
I replied, telling the owner that he was being too pushy and he immediately replied apologizing. Now, having lived in France for a while, I know that sometimes, the French can be quite demanding, in a way that those of us of British descent often find quite rude. So this pushiness of his also didn’t give me too much cause for concern.
So off went my money, via International Bank Transfer, and apart from a little ‘empty wallet’ remorse, I was not too concerned. Although in hindsight, maybe that uneasy feeling I had was my instinct telling me something wasn’t quite right here.
I sent off an email confirming the bank transfer, and asked a few questions about maintenance at the house and the logistics of getting the keys etc. The owner’s reply email to me acknowledged receipt of the signed rental agreement, and also gave me the coordinates of the house (they are so clever). When I looked up the coordinates of the house, it was the right village, but the wrong house. Warning bells? Well if they were ringing, I might have heard them, but they didn’t register. I just replied stating they were wrong, and of course, received another email with the right coordinates, and confirmation of receipt of payment.
So when did I start listening to the alarm bells?
About 5 days later I received a very terse email from the owner telling me that my dates would be cancelled if he didn’t hear from me. I replied requesting clarification and received no reply. I sent several more emails over the course of the next week, and after receiving no replies I contacted by email the HolidayLettings.co.uk customer support line. I expressed my concern about the validity of the owner, and was assured he was legitimate and had been with the site for 3 years, and that they had no problems with him. They acknowledged the fact that there were no phone numbers on the site for the owner, and suggested that he may just be travelling which was why he hadn’t responded to my emails.
But I wasn’t convinced. By now I was 100% sure I had been scammed. I sent another email to the customer support line listing my reasons for being concerned, among them the fact that there were no reviews for the house, and I asked whether they had any records of the house being successfully rented before. They replied stating that it often takes a while for reviews to be posted, and, they had only been posting reviews on the site for listings since last March. They also once again stated that they had had no issues with the owner. However, the final line of their email caused me to suspect that they were now taking my suspicions seriously: “As Holiday Lettings was not party to the booking or financial transaction between you and the property owner/manager, we are not in a position to intervene in any disputes arising between you. However, we do take complaints very seriously, monitoring all feedback (negative and positive) and recording it on the relevant account.” When a company starts quoting their T&Cs (Terms and Conditions) at you, what they are really saying is “tough tittie, you’re on your own sucker”.
I knew it was all over red rover and started to move into recovery mode.
The next emails I received were from the owner, and they were from a different email address to the one I had been receiving emails from him to date. He stated that HolidayLettings had contacted him, and one was worded as if he was hearing from me for the first time. He included 2 telephone numbers, both of which were not connected.
I emailed HolidayLettings.co.uk asking again if they had any record of any bookings for this house in the past, and was again stonewalled. I replied telling them I was going to the authorities in Paris, and that I would be doing everything I could to publicize this scam. I received a reply with 2 new phone numbers for the owner. They also said that he was on Réunion Island. Ding-a-ling-a-ling! I remember seeing stated on the advert for the house that the house was lived in when not being let out to holiday makers. If he lived in Corsica, at the house, why was he living on Réunion Island?
I rang the owner and told him of my concerns. He professed to know nothing of what was going on, and that he had no bank account in England. I told him I planned to report the fraud, and he couldn’t get off the phone fast enough. When I tried to call him back a little while later he did not answer the phone.
I also received an email from a senior customer support advisor stating that they had spoken to the owner and they had no reason to believe there was a problem with the owner. So where was my booking and my money?
Several more emails and a phone call between the senior customer support advisor and myself only confirmed my suspicions that I would be getting no assistance from HolidayLettings.co.uk. He suggested that the owner’s email had been hacked from the very beginning by these scammers, but I’m still not convinced. What is bothering me is the lack of phone numbers on the original advert on the website, the lack of reviews on the property, and that HolidayLettings.co.uk would not confirm that there had been any previous bookings for the property. The HolidayLettings.co.uk senior customer support advisor stated that he would report it to British police and that he would notify me when he had done so. I have still not heard from him, and it’s been over 2 weeks.
Now I have a dilemma. Where do you report an online fraud about a French property on Corsica, owned by a French guy on Réunion Island, procured through a British owned website and company? I did some research online and found an excellent British online fraud reporting tool, Action Fraud, that reports to the British police and also collects data about online fraud that is disseminated to several fraud prevention and detection agencies.
You can find it here: http://www.actionfraud.police.uk/
The American version is here: http://www.ic3.gov/default.aspx
I have also enlisted the help of my French lawyers to prepare the report to the French online fraud organization (my French is horrible at the best of times and certainly doesn’t stretch to reporting a fraud at a police station in Paris). They are currently in the process of examining all my emails to and from the owner of the house, and HolidayLettings.co.uk, and involving the French police. I’ll keep you posted on progress.
There is one unquestionable reality in all of this: my money is gone. There’s no point crying over money, but I am disappointed that I don’t have a cute little house on Corsica to invite my friends to, for a lovely summer holiday. I’m thinking of doing the Camino de Santiago de Compostela as penance for my stupidity instead.
To sum up, this long account of what happened is not to excuse my failings, I take full ownership of those, but to show you how easily it is to fall for such a scam, and how the scammers are aware of what to target and why.
How can you protect yourself against these sorts of scams? Here are my suggestions:
- Don’t make these types of decisions alone. Always ask a trusted friend or colleague what their opinion of the process is to date. Especially when there is money involved.
- Always be wary of offsite transactions, you are unprotected, especially by the website, even if it is a large and reputable one.
- Always read the website’s Terms and Conditions if there is going to be a financial transaction, or value exchange of any type.
- Thoroughly check out the person or business you are transacting with, and always speak to them via telephone, don’t just rely on emails.
- Try to use a credit card to make any payments with. If you are going to make a bank transfer, contact the receiving bank first and ensure everything is above board. The name on the account should link directly to the person you are transacting with.
- If you have any doubts at all about the person you are transacting with, don’t send any money, and report it to the website the transaction was initiated from.
- Keep all written records of your interactions, and make a note of all phone calls.
- Listen to your instincts, they are always right!
What could the HolidayLettings.co.uk website have done better? In my humble opinion they could have:
- Highlighted the importance of speaking to the person you are going to transact with on the telephone. This should be included in their response to your enquiry and should be unmissable.
- IF this property has in fact not had any successful bookings since it has been on their site (where the advertisers pay a fee to advertise I believe), the listing should be queried. HolidayLettings.co.uk should demand proof of viability from the owners of the properties listed.
- Advise owners and potential renters of the possibility of email hacking and how to ensure they are not victims.
- Taken my concerns seriously and dealt with the problem immediately, by contacting the owner, establishing if there had been a fraud immediately, and if so, contacted the police immediately.
If you or anyone you know has been the victim of Internet fraud, we would love to hear from you here.
The Follow Up…
About a week after reporting this fraud on the ActionFraud website, I received an email from an English police officer. He said that he had had an Indian guy in custody over this scam and defrauding, but had had to release him because of lack of evidence. The guy had then skipped off back to India using a false passport, but they were still tracking him in India. It makes me wonder, if HolidayLettings.co.uk had taken my concerns seriously the first time I contacted them, whether or not there may have been a chance the police would have had the evidence to detain and charge this scumbag.
I’ll update this blog if and when any more news comes to hand. Meanwhile, please share this blog entry with your friends, families and colleagues.