Crooks are targeting ski chalet businesses online, and causing lost holiday grief to many skiers, boaders & holiday providers alike. All are at risk but most of all are the smaller independent companies using less secure email services.
Now ChaletFinder, the online chalet industry market leaders, have started a campaign to highlight this fraud that has devasted many holidays, particularly of poorer clients such as students or groups.
There is no universal solution to digital security but an awareness of how the typical hacker is operating, applying a few simple rules & general vigilance is enough to vastly reduce the risk.
The crooks are hackers seeking soft targets, and most get entry by gaining a password to an online site, often through a fake email impersonating the site.
They usually send an email which asks you to reset your password to a popular site. Twitter has been impersonated several times because the email the crooks send is very convincing and often uses your avatar image or that of your genuine Twitter followers . You are tempted to click on the email and enter a fake version of a real site, again highly convincing.
The hackers, when hitting chalet operators, usually ask them to only input a new password. They bet on the fact that the holiday provider use this password or something similar for other accounts. They will aim to impersonate the accommodation provider and contact their customers, they will try and get the customer to pay for their holiday into a false bank account.
How to beat the crooks – as an accommodation or holiday provider
Using unique and complex passwords for your business email accounts is essential. A big pain as it’s near impossible to remember a complex password but this is the only way. Keychain software is an excellent solution, these programs are just a “Google” away and store all of your passwords in one secure system, entering them automatically as you need them.
Suspecting & checking
emails carefully & being suspicious will certainly help, as we mentioned above, faking emails from sites you use is a common way to steal your password.
Staying in contact with your customers by phone and clearing the payment procedure with them directly will help the customer raise the alarm if they receive contact from fraudsters. Publishing your payment process on your website & explaining it to your new guests as they decide to book will allow them to notice if a fraudster impersonating you contacts them asking for the deposit.
There is no fool proof defence, but it’s possible to make it ten times harder for this fraud to occur. They are professionals & this fraud is their business, to fight online fraud in our industry we need to raise their costs and reduce their profits until it’s no longer profitable.
Dan from ChaletFinder tells us “We are aware of cases where holiday makers & holiday providers have lost very large sums of money & suffered distress & extreme inconvenience. We believe that if the vast majority of us in the industry take simple steps & share concerns we will reduce the number of these awful instances.
Please contact us at ChaletFinder for help if you feel you need it or have a concern. We have foiled at least 3 attempts this season so far and want to help as much as we can.
ChaletFinder advertiser, SkiHutte39 explained how they avoided trouble with a little help.
“We had a call from ChaletFinder earlier in the season as they’d noticed a strange message sent out from our Twitter account. With their help and the help of my web designer, I investigated the matter and found that our Twitter page had been accessed by fraudsters. We contacted our guests and potential guests to ensure they were not being misled and found that imitation emails supposedly from SkiHutte39 had been sent to several of our guests. We’d never believed that hackers would target our small independent chalet business, we’re very thankful to have been able to stop them before any damage was done. We’ve invested in better security and better habits to prevent this ever occurring again, we’d certainly advise the same measures for all holiday businesses big and small.” – Jillian from SkiHutte39.
If you find an email suspicious & don’t know how to check it’s validity, ChaletFinder are happy to receive an email from any ski holiday provider (advertiser or not) and assist in checking out if it’s genuine. Just contact firstname.lastname@example.org for our free analysis.