Protect Your Account From Phishing With Our Online Security Checklist

Mar 29, 2017 | Security

The online security of the travelers and homeowners who use our sites is our top priority. We’re proud to say that occurrences of fraud are extremely rare. Our teams and systems work around the clock to keep it that way.

It’s important to be aware of the risks and ensure that you’re doing everything you can to keep your personal email accounts safe.

Very rarely, fraudsters attempt to steal personal email login details (i.e. Gmail, Yahoo, Outlook, etc.) from rental owners, with the aim of fraudulently posing as that homeowner over email, communicating with unsuspecting travelers, and re-directing payments.

The fraudster’s first step is to get you to reveal your email login details. Watch out for warning signs and put some simple security measures in place. Use our security checklist to keep your personal email accounts safe.

1. Understand Phishing

Phishing is the practice of sending emails that appear to be from a trustworthy source to get sensitive information (like your login and password) for fraudulent purposes.

These emails may look exactly like a standard TripAdvisor Rentals email, but actually have a slightly altered or misspelled sender address. They may even contain a link directing you to a login page that looks like TripAdvisor Rentals, but with an ever-so-slightly altered URL. You then enter your login details and the scammers now know how to access your TripAdvisor Rentals account and anywhere else you might use these same login details.

For example, the email may ask you to “verify your email address” or “please confirm your password” with a link directing you to a fake login page.

For more information and to report an incidence of fraud, visit the Federal Trade Commission website in the U.S. or Action Fraud in the UK.

2. Look For Signs Of A Fake Inquiry

Phishing emails are often made to look like traveler inquiries. Check your emails carefully to ensure they’re legitimate by looking out for these following things:

The email is undoubtedly from us. 

We will only ever contact you from email addresses ending in:

  • @tripadvisor
  • @holidaylettings.[your country code]

Fraudsters can make an email appear to come from one of these addresses, so it’s very important to check.

The login page URL starts with https and shows the TripAdvisor LLC verification certificate.

We’ll only ask you to log in to your TripAdvisor Rentals account with a website address that starts in https://. Note that the https component is vital because it means the site is secure. Also note that the “TripAdvisor LLC” verification certificate should be visible at the beginning of the URL string.


Check the links included in any email you receive carefully. The text in the link may not necessarily match the URL you’re taken to. No matter what the links look like, always double check that you’ve landed on a site beginning with https.

You should be suspicious if:

  • The sender asks you to click on a link that takes you to a website address that is not and then asks you to enter sensitive information.
  • The email is written in non-fluent and/or overly formal English. (However, please note that you may receive legitimate inquiries from travelers who don’t speak English as their first language.
  • The email includes the following language:
    • Any requests or directions related to “synchronizing” your accounts. We won’t send you an email asking you to do this.
    • Time pressure. Emails demanding you “act fast” or put you under undue time pressure (“do this within 24 hours or your account will be close”) aren’t from us.

3. Protect Your Email Account

  • Think about setting up a designated email address just for inquiries from travelers – your other online accounts won’t be affected if this address is hacked.
  • Some email providers have an additional security measure called 2-step verification. If you access your email account from an unknown device, you’ll receive a pin code via text message to complete your login. If a hacker tries to access your account, you’ll be alerted by the text message and the hacker won’t have the code to get any further.
  • You should also check the settings on your email account to make sure nothing has been changed. Fraudsters often set up redirects on email accounts, which means they could be receiving your inquiries and requesting deposits.

4. Use Different Passwords For Each Online Account

This way, even if a hacker gets hold of one password, your other accounts will remain secure. Remember to log out straight away after using any online account. A good password is:

  • Hard to guess.
  • At least seven characters long including letters (uppercase and lowercase), numerals and, where possible, symbols.
  • Changed regularly.
  • Not stored on your computer or any other electronic device that can access the Internet.

5. Sign In To Your TripAdvisor Rentals Account Regularly

  • Every inquiry you receive will appear in your TripAdvisor Rentals Inbox as well as your personal one. If you notice that any of them haven’t been delivered to your personal email address, contact us immediately.
  • Set up text alerts. If you receive a text alert but don’t receive an email inquiry, you’ll know to contact us to investigate (the text and the email won’t necessarily arrive together, so please don’t worry if they arrive a few minutes apart).
  • Download the app and make sure push notifications are turned on (do this via the Settings app on your phone).
  • For your safety, we will also notify you via email if your TripAdvisor account is ever accessed from an unrecognized device.

6. Install Anti-Virus & Anti-Malware Software On Your Devices

  • Ensure you have good security software installed on your computer such as Norton Internet Security that contains anti-virus, Spyware and firewall protection. Using a software such as this will intercept any malicious sites or software that hackers use to try to gain access to your computer.

  • Use your anti-virus software to thoroughly scan your computer for viruses every week and make regular backups of your important files. Make sure that your wireless network has a password and is encrypted. This will stop others using your connection for free and possibly being able to see what you’re looking at.

  • As technology progresses, hackers look for more advanced ways to obtain passwords, personal information and credit card details so always try to keep your software updated. Also, having anti-virus and anti-malware software installed on your computer is ideal, but you still need to be vigilant and keep a look out for anything that doesn’t ring true.

We’re Here To Help

We don’t want you to miss out on any genuine inquiries, so if you receive one that you’re not sure about, just get in touch.

You can also visit our FAQ Help Section for more information.


Homeowner Beware Of These 4 Types Of Phishing Emails

Below are 4 popular examples of the type of phishing emails you may receive from a fraudster trying to access your login information. If you ever receive an email and aren’t sure of its legitimacy, double-check it against these phishing examples.

What you need to know about San Francisco’s rental compliance laws

This article relates specifically to the regulations in San Francisco and includes the requirements you must meet to receive a short-term rentals certificate.

Top Tips: How To Protect Against Hackers

The online security of the travelers and homeowners who use our sites is our top priority. We’re proud to say that occurrences of fraud are extremely rare. Our teams and systems work around the clock to keep it that way.

Watch Out For Phishing Emails Asking For Your Login Credentials

The online security of the travelers and homeowners who use our sites is our top priority. While occurrences of fraud are extremely rare, hackers may still attempt to steal your personal information with a method called “phishing.” Read more on how to protect yourself.

Share This