Phishing is a common form of cybercrime in which a fraudster attempts to discover your passwords. If they are successful in doing this, it can become a very big problem for both you and your guests. An example of Phishing is when a fraudster will send an email that imitates communication from an organization you trust. These emails typically ask you to update or verify your account details by clicking on a link. This link leads to a counterfeit website that looks just like the real thing. When you enter your username and password on the counterfeit site, the details are captured and used to login to your account for fraudulent activity. 

The best way to protect yourself against these kinds of attacks is by arming yourself with some information about how they operate.

How does phishing affect holiday home owners and their guests?

Your booking enquiries are extremely valuable to a fraudster.  If a fraudster manages to get access to your email or Stayz account, they can also get access to your enquiries. The fraudster can then request and receive payments from your unsuspecting guests by posing as you, the owner of the holiday home.

How can I identify a phishing attempt as an owner?
A common phishing email might look like this:

User-added image

This email looks like it is from Stayz.  It tries to scare you into believing that something is wrong with your account, or that there is something that requires your immediate attention.
The link will send you to a fake website that looks like Stayz. However, entering your details will send them directly to the scammers and compromise your Stayz Account, and may compromise your personal email as well. 

How can I identify a phishing attempt as a traveller?
A common phishing email might look like this:

User-added image

This email has come from a scammer posing to be an Owner who is prompting the traveller to make payment using another payment method (AirBnb). To avoid being scammed by attempts like these, it is important to follow the below steps

    • ​Only pay through the Stayz payment system
    • Do not pay by direct bank transfer
    • If you receive an email with an attached PDF file directing you to make payment through an alternate booking site, do not follow this link
    • This is a link to a fake booking site that will request payment by bank transfer


    Another good way to identify potential phishing email is by examining the URL (or web address) that the email links to. When you view a web page (by clicking on a link in an email, for example), the “URL” or “Uniform Resource Locator” for that web page will be displayed at the top of your web browser. The URL is often called the “web address”. A savvy web user should have some familiarity with how URLs work.
    The URL has three different parts: the protocol, the domain, and the path:

    User-added image

    Any link you follow from a Stayz email will direct you to the “stayz.com.au” domain. The domain part of the URL should always end with “stayz.com.au”. If you look at the URL and see that it is not a Stayz domain, you should not enter any of your details. 
    Fraudsters will often create domains that are similar to Stayz, in order to try and trick users into providing their password. Examples of the sort of domains fraudsters use are:

    • login.stayz.org
    • blog.stayz.org
    • owners.stayz.com.au.login.online
    • stayz.login-online.com


    How to protect yourself and your guests from phishing
    Unfortunately, this type of online fraud is becoming increasingly sophisticated and it is becoming extremely hard to identify that an email or website may be fraudulent. However there are several simple things you can do to protect yourself:

    • Never click on a link within any email that you feel is suspicious, especially those which request you to update or verify your account information. Instead, open a new internet browser and type in the web address of the site you want to visit
    • If you become suspicious of an email which claims to be from a company or email provider you use for renting your property, please do not click on any link, simply click on the contact us section in the support portal and attach the email as part of the web form and submit. 
    • Always have the most up-to-date anti-virus software and firewalls
    • Make sure your passwords are difficult to guess and contain a combination of letters and numbers. Never give your passwords to anyone.
    • Never use the same usernames and passwords on different accounts
    • Hover over the links within the email without clicking on them to see if the links are the same as those in previous enquiry emails

    How do I report phishing on my account?
    Please forward suspected phishing emails targeting your Stayz account or enquiry to our Trust & Security team using the Contact Us button within the Support page and completing the web form and attaching any documents. 

    What do I do if I believe my account is compromised?
    Please contact us as soon as possible using the Contact Us button below. Immediately follow the steps outline in our “What do I do if my account is compromised?” article.