• The TUGBBS forums are completely free and open to the public and exist as the absolute best place for owners to get help and advice about their timeshares for more than 30 years!

    Join Tens of Thousands of other Owners just like you here to get any and all Timeshare questions answered 24 hours a day!
  • TUG started 30 years ago in October 1993 as a group of regular Timeshare owners just like you!

    Read about our 30th anniversary: Happy 30th Birthday TUG!
  • TUG has a YouTube Channel to produce weekly short informative videos on popular Timeshare topics!

    Free memberships for every 50 subscribers!

    Visit TUG on Youtube!
  • TUG has now saved timeshare owners more than $21,000,000 dollars just by finding us in time to rescind a new Timeshare purchase! A truly incredible milestone!

    Read more here: TUG saves owners more than $21 Million dollars
  • Sign up to get the TUG Newsletter for free!

    60,000+ subscribing owners! A weekly recap of the best Timeshare resort reviews and the most popular topics discussed by owners!
  • Our official "end my sales presentation early" T-shirts are available again! Also come with the option for a free membership extension with purchase to offset the cost!

    All T-shirt options here!
  • A few of the most common links here on the forums for newbies and guests!

Redweek scam/phish warning (Meng zhuang Li (mengz2)<donnawaddell793@gmail.com>)

Saintsfanfl

TUG Member
Joined
Mar 7, 2012
Messages
8,844
Reaction score
630
Points
399
Location
Central Florida
This redweek member or a scammer taking control of another account went through alot of trouble negotiating on price and payment type for a rental only to end up sending me a link to a fake drop box login that would phish for my email login entry. Supposedly the drop box would have the document specifying the bill payment information. I never thought a scammer would go through that much trouble. Why negotiate the price? It makes me worried that I was specifically targeted.
 

Saintsfanfl

TUG Member
Joined
Mar 7, 2012
Messages
8,844
Reaction score
630
Points
399
Location
Central Florida
It appears the phish attempt was to gain control of my paypal account by resetting my password after gaining control of the email account.

I did not have 2nd layer security enabled on my email or paypal but I have now added it to both.
 

Panina

TUG Review Crew: Elite
TUG Member
Joined
Jul 13, 2015
Messages
6,781
Reaction score
9,968
Points
499
Location
Florida
Resorts Owned
Hgvc Anderson, Blue Ride Village Resort
It appears the phish attempt was to gain control of my paypal account by resetting my password after gaining control of the email account.

I did not have 2nd layer security enabled on my email or paypal but I have now added it to both.

It never ends. Always something new to scam. I assume you notified Redweek. How did you notice/figure it out?
 

TUGBrian

Administrator
Joined
Mar 24, 2006
Messages
22,096
Reaction score
7,678
Points
1,099
Location
Florida
yes, these are becoming more and more common!

never click on a link to a google doc or random download when in the course of a conversation with a stranger! once they get your email login info, they can "request" password resets on all sorts of your private logins.
 

Saintsfanfl

TUG Member
Joined
Mar 7, 2012
Messages
8,844
Reaction score
630
Points
399
Location
Central Florida
I clicked the link but I did not enter my email login. I did notify Redweek and they sent a notice to everyone that has been contacted by this member.

It all started fairly normal. An email from an interested renter wanting to know what was the best price I could give. Family of 4 inquiring on a 3BR. First oddity but I blew it off. “Meng and Donna” was the signature. I told them to make an offer and I would consider it. It’s my boilerplate response to someone wanting my “best price”. That type of inquiry I used to groan at but I started responding with “make an offer” and it’s worked out well with several rentals. They responded very similarly with an offer lower but acceptable. I said yes and asked for their details. They replied Donna and husband Mike with address and phone. That was the next oddity. The Chinese name was showing up for the email and it was Donna and Meng before but now Donna and Mike. I blew it off again figuring Meng likes to use Mike as a nickname. They never mentioned wanting to send a check even though I explained the process so I sent the invoice with the confirmation attached and the link for payment. They responded they wanted to pay by check but needed the details. They already had the details from the invoice but I repeated it. I waited a couple days and asked if they were sending a check or they changed their mind. They said yes but again wanted the details for the check. That should have been a red flag but I’ve been extremely busy and blew it off. I gave the details again. The next day they responded that they scheduled a check, I assumed bill payment, and they attached the details. Nothing was attached but I did not notice that they embedded a link in their paragraph. They responded again with the imbedded link and I clicked it and it went to a fake drop box login that prompted to choose an email provider and then prompted to log in. I never fall for scams but obviously I went this far.
 
Last edited:

TUGBrian

Administrator
Joined
Mar 24, 2006
Messages
22,096
Reaction score
7,678
Points
1,099
Location
Florida
yes, we have had similar reports where a conversation is struck up about a rental or a resale to establish a semblance of trust or legitimacy then the link is sent.

far too many folks click on it thinking its a legitimate rental agreement or other normal sounding document/etc. a very elaborate scam to obtain peoples email logins!

these scammers then sometimes even post ads using that owners data without the owner even knowing, also why its so very important to be on the lookout for sending money to a 3rd party or contact from a different email address etc!

there is noone out there more creative than a scammer, and they are very effective!
 

theo

TUG Review Crew: Veteran
TUG Member
Joined
Mar 21, 2007
Messages
9,032
Reaction score
2,268
Points
648
Location
New England Coast
It appears the phish attempt was to gain control of my paypal account by resetting my password after gaining control of the email account.

I did not have 2nd layer security enabled on my email or paypal but I have now added it to both.

RedWeek is pretty good about giving "the boot" to members behaving badly, so it's good that you have made RedWeek Customer Service aware of this cyber-scoundrel. Of course, such weasels of ill intent can still always attempt to "rejoin" later with a new identity, merely using a different name and method of payment for their new membership. :(
 
Last edited:

Seaport104

TUG Review Crew
TUG Member
Joined
Sep 29, 2012
Messages
1,522
Reaction score
272
Points
294
Location
NJ
I clicked the link but I did not enter my email login. I did notify Redweek and they sent a notice to everyone that has been contacted by this member.

.

Thanks, I was contacted by the same person a day before your post. Yes, redweek also sent me an email yesterday regarding the member.
 
Top