Travellers stranded by phishing scam

Emails intercepted: Claudia Natoli was snared in a global scam involving tourists.
Emails intercepted: Claudia Natoli was snared in a global scam involving tourists. Photo: Jacky Ghossein

Claudia Natoli thought she was on to a good thing - so good that when she inquired about a luxury four-bedroom rental villa in Bali, she emailed the owner and asked: ''What's the catch?''

He had offered an attractive discount on the original price and was so obliging, he even helped organise a fully catered pre-wedding party - including drinks, food and waiters - that she planned to host at the property.

The deal was too good to be true. Hackers had intercepted her initial email, posed as the accommodation owner and lured her into making a bogus booking.

Pure luxury: Villa Zara which Claudia Natoli booked via the website www.vrbo.com.
Pure luxury: Villa Zara which Claudia Natoli booked via the website www.vrbo.com. 

Ms Natoli is among scores of Australian tourists who have been snared in a worldwide travel scam that targets property owners who advertise their rentals on websites including HomeAway, VRBO and FlipKey, which is mostly owned by TripAdvisor. In nearly every case, the victim arrives in paradise only to discover the communication had been faked, the genuine owner has never heard of them and the accommodation is booked out - leaving them broke and stranded.

Last week, NSW Fair Trading confirmed it had received complaints about the scam and encouraged others to come forward and lodge a formal complaint.

Consumer Affairs Victoria warned that booking overseas private accommodation online was ''much riskier'' than dealing directly with a hotel or travel agent.

Reports first surfaced about the multimillion-dollar global swindle in September 2010. Since then, the internet has been awash with blogs and forums about the problem. In the past 12 months, Australians appear to have been increasingly targeted, with luxury Balinese properties used as bait.

Travellers' contact details and inquiries are initially netted either by ''phishing'' or acquiring information about a property owner's genuine email account through false advertisements on reputable websites.

In Ms Natoli's case, criminals appear to have hacked her initial request for information last September and then responded using an almost identical email address to that used by the legitimate villa owner.

Having started emailing, she told Fairfax Media she had no reason to disbelieve a ''25 per cent discount offer'', so willingly transferred the $1425 fee.

Ms Natoli, 28, from Bondi, said: ''He sent me a booking form. It looked 100 per cent. He asked me to put money into an account. I did.

''The purpose for the holiday was to attend a wedding and, as bridesmaid, I had to organise the hens' party so explained I wanted to hold it at the villa. From there, I organised everything with him … waiters, drinks, food, the whole night had been planned.''

However, when Ms Natoli and her three travelling companions arrived, they discovered another group of Australians were already staying at the villa.

''It was 2am, we were stuck in Bali with nowhere to stay and so I telephoned the owner on a number above the door. He had no idea who I was. I showed him various emails we'd shared. He replied: 'I'm sorry. That's not me.' It took a while to believe him. But it was true.''

With the tourists having no money to book elsewhere, the villa owner kindly stepped in, at one stage putting all four up in his own house.

''He was very kind, but it no longer felt like a holiday,'' Ms Natoli said.

The owner of the villa, Guy Carlton, wrote to British detectives, saying ''multiple clients'' had been duped, and all had deposited money into Barclays Bank accounts opened in London.

Mr Carlton vented frustration that nobody, including Barclays nor the rental websites, appeared accountable, adding: ''It has been extremely difficult just to report this multimillion-dollar scam.''

Do you know more? Email eduff@fairfax.com.au

Comments