How to Know if an Email is Fraudulent

For small hotels and bed & breakfasts, weeding out fraudulent email requests can be more of an art than a science. But, here are some foolproof methods of identifying scam emails in under a minute. Fraud prevention has become an important part of everyday business at Instant World Booking, so we’ve learned a few things along the way.

Whenever you receive an email reservation request, and the body of the email mentions “credit cards used for full payment”, this is a red flag. Most legitimate requests would never ask about full payment in advance by credit card.

90% of fraud emails will be sent from yahoo, gmail, hotmail, or some other free email service. So, if there’s any doubt about the content of the email, check the sender’s email address.

Now, here’s the foolproof part. Check the email headers. Many scammers have become good at faking email addresses, website domains, even copying the exact logos and website content of legitimate businesses. However, they cannot fake the “email headers”. Here’s how to check them:

From your email inbox, right-click the suspect email. Select “Message options”. You will immediately see the headers, starting with something like “Return-path:”, “Envelope-to”, etc.

If the header contains a source domain or address that looks suspicious, the email is most likely fraudulent.


Avoid Internet Scams like Phishing

Want to go phishing?   You’ll only catch some trouble.  Instant World Booking’s fraud department has uncovered some attacks and scams that could cause you some serious trouble, so read on for how to keep your user ids and passwords safe.

A recent “phishing” scam involves a fraudster’s attempt to duplicate a similar-looking webpage to our homepage.  They send emails to clients alerting them to new reservations, and direct them to the scam page to sign in.  Obviously, if you follow their link and enter your password, the fraudster now has it.

Protect yourself.  With any website you use with a user id and password, make sure you’re certain that you are on the correct site.  Here’s how to know.  Look at the address bar at the top of your browser page.  If the page doesn’t start with the precise domain you are trying to access, then don’t sign in.  Many scammers will purchase similar looking domains, but may have additional characters added to fool you. 

To be more certain, use the “secure” version of the website.  Any website that is serious about protecting your security will have a secure server.  So, when you go to the InstantWorldBooking.comhomepage, use the login section at the upper right corner of the page.  Once you click login, you will notice that you are then at https://www.instantworldbooking.com/.  Note the “https” with an “s”.  This signifies that you are now on a secure server.  A little padlock icon on your browser will also indicate the server is secure, and by clicking on the padlock, you will be able to view security information about the secure server.

So, protect your security and personal information.  Always make sure you know what site you are on, before logging in.