• The TUGBBS forums are completely free and open to the public and exist as the absolute best place for owners to get help and advice about their timeshares for more than 29 years!

    Join Tens of Thousands of other Owners just like you here to get any and all Timeshare questions answered!
  • TUG started 29 years ago in October 1993 as a group of regular Timeshare owners just like you!

    Check out our happy birthday post here: Happy Birthday TUG!
  • TUG has a YouTube Channel to produce weekly short informative videos on popular Timeshare topics!

    Come check it out for a chance to win a Free TUG membership (or renewal) just for helping out!

    Read more here
  • TUG has now saved timeshare owners more than $21,000,000 dollars just by finding us in time to rescind a new Timeshare purchase! A truly incredible milestone!

    Read more here: TUG saves owners more than $21 Million dollars
  • Follow the TUG Member Banner as it travels the world on vacation with Timeshare owners! Also sign up to get the banner sent to you so you can submit a photo of your vacation with the banner to share with TUG! Banner Thread
  • Sign up to get the TUG Newsletter for free! 60,000+ subscribers! Latest resort reviews and the most important topics discussed by owners during the week!
  • Our official "end my sales presentation early" T-shirts are available again! Also come with the option for a free membership extension with purchase to offset the cost!

    Read more Here
  • A few of the most common links here on the forums for newbies and guests!

Lessons learned from fraudsters

D

DavidBr

TUG Member
Joined
Sep 13, 2010
Messages
21
Reaction score
16
Points
213
Location
Maryland
Resorts Owned
Marriott Timber Lodge
Marriott Aruba Surf Club
Marriott Aruba Ocean Club
Marriott Cypress Harbor
I recently rented my two Aruba Surf Club weeks through an agent. All went well and I received my check. About a week later, I got an email from an attorney in NY who wanted to know if someone by the name of Nate Donaldson with an email of tim_donaldson@outlook.com was authorized to rent my timeshare to him. Obviously not, because I had never had any dealings with the guy. What was really interesting about this was that the guy had my reservation number and then sent a copy of the reservation (emailed through Marriott.com) to the potential renter. This looks completely legit, and the scammer then asks for money in exchange for "putting your name on the reservation." When I found out about this I wanted to change the reservation number immediately. However, owner services told me that can only be done if the reservation is canceled and rebooked and they couldn't guarantee that the week would come back in inventory to rebook. I eventually worked with someone from the corporate office that was able to do the cancellation and rebook to thwart the fraud.
So my lesson was: don't make reservations or rental arrangements on an unsecure network (I was at a different resort on Aruba at the time, where someone was apparently spoofing the Wifi with his own equipment). I will be even more careful not to give out the reservation number. The last thing I need is someone showing up in Aruba thinking they rented my timeshare and finding out they were scammed.
This took a huge amount of time to address, but I'm sure I'm not the first one to have this happen to. I will say that once I got to the right person at Marriott Vacations Worldwide, they were very responsive.
 
suzannesimon

suzannesimon

TUG Member
Joined
Jan 3, 2010
Messages
1,837
Reaction score
123
Points
274
Location
Destin, FL & Bethany Beach, DE
Resorts Owned
Marriott Frenchman's Cove, Hyatt Sunset Harbor, Harborside at Atlantis, Marriott Aruba Surf Club, Marriott Grande Ocean, Westin Kierland Villas, Westin Lagunamar
We've been having this same problem in the real estate world. You'll get an email that will say something like "your free Amazon gift card is attached". You click on the link and nothing comes up. What has happened is malware has been put on your computer. It lurks there monitoring your emails until it finds something of value. The cases we had were closing companies asking for wiring instructions from the seller to send the proceeds of a sale. The malware responds to the email to the closing company giving their own wiring instructions. The title company sends the proceeds of the sale to the bogus seller.
 
DeniseM

DeniseM

Moderator
Joined
Jun 6, 2005
Messages
57,303
Reaction score
8,445
Points
1,849
Resorts Owned
WKORV, WKV, 2-SDO, 4-Kauai Beach Villas, Island Park Village (Yellowstone), Hyatt High Sierra, Dolphin's Cove (Anaheim)
What was really interesting about this was that the guy had my reservation number and then sent a copy of the reservation (emailed through Marriott.com) to the potential renter.
Click to expand...

How did they email a confirmation FROM Marriott?

He would need more than just your reservation number to have access to your Acct.
 
suzannesimon

suzannesimon

TUG Member
Joined
Jan 3, 2010
Messages
1,837
Reaction score
123
Points
274
Location
Destin, FL & Bethany Beach, DE
Resorts Owned
Marriott Frenchman's Cove, Hyatt Sunset Harbor, Harborside at Atlantis, Marriott Aruba Surf Club, Marriott Grande Ocean, Westin Kierland Villas, Westin Lagunamar
On one of our real estate cases, the fraudster emailed a buyer wiring instructions to send their settlement funds. The email was an exact replica of the title company email complete
With logo, attorney's signature etc. They told us the malware monitors the emails and will replicate the email form used substituting their own wiring instructions.
 
D

DavidBr

TUG Member
Joined
Sep 13, 2010
Messages
21
Reaction score
16
Points
213
Location
Maryland
Resorts Owned
Marriott Timber Lodge
Marriott Aruba Surf Club
Marriott Aruba Ocean Club
Marriott Cypress Harbor
DeniseM said:
How did they email a confirmation FROM Marriott?

He would need more than just your reservation number to have access to your Acct.
Click to expand...

If you go on to Marriott.com with a reservation number and the name associated with the reservation and the check-in date (you don't have to be logged in), you can usually bring up the reservation. Once that's done, you can then have the Marriott website email the reservation to anyone you choose. What's really nasty is that in the reservation is typically your email address. Try it out with some of your own reservations. I was shocked at how easy it was.
 
Last edited:
L

larryallen

TUG Member
Joined
Jul 1, 2009
Messages
670
Reaction score
10
Points
228
Location
Vegas Baby!
Resorts Owned
KOBC x6 and Westin Kierland
DeniseM said:
How did they email a confirmation FROM Marriott?

He would need more than just your reservation number to have access to your Acct.
Click to expand...

Email spoofing. Happened to our law firm recently. It sucks.
 
D

DavidBr

TUG Member
Joined
Sep 13, 2010
Messages
21
Reaction score
16
Points
213
Location
Maryland
Resorts Owned
Marriott Timber Lodge
Marriott Aruba Surf Club
Marriott Aruba Ocean Club
Marriott Cypress Harbor
larryallen said:
Email spoofing. Happened to our law firm recently. It sucks.
Click to expand...

In this case, there was no need to do email spoofing. it was way simpler than that. As I said in my prior post, if someone has your reservation number, your name and your date of arrival, they can go on to Marriott.com (no login required-They don't need to get into your account) go to "view and manage reservations", bring up the reservation and then use the Marriott website to email the letterhead reservation to any third party. This third party will get an email from "do-not-reply@marriott.com" The Email subject will say "John Smith(johnsmith@youremail.com) sent you an email from www.marriott.com"
The email will contain all the details of your reservation.
 
Superchief

Superchief

TUG Member
Joined
May 6, 2009
Messages
3,682
Reaction score
2,592
Points
448
Location
Cincinnati, OH
I was on the Costco website last night and was transferred to a website that supposedly was a Costco survey. After answering a few suspicious questions I was presented the option to try 4-5 products for about a $5 'handling' charge each. None were things that I would expect Costco to offer. They looked more like the infomercial products you typically see. Therefore, I didn't take the bait. I doubt that Costco had anything to do with this, but it shows how easily visits to websites can be hijacked. Beware!
 
You must log in or register to reply here.
Top