• A few of the most common links here on the forums for newbies and guests!
  • The TUGBBS forums are completely free and open to the public and exist as the absolute best place for owners to get help and advice about their timeshares for more than 30 years!

    Join Tens of Thousands of other Owners just like you here to get any and all Timeshare questions answered 24 hours a day!
  • TUG started 31 years ago in October 1993 as a group of regular Timeshare owners just like you!

    Read about our 31st anniversary: Happy 31st Birthday TUG!
  • TUG has a YouTube Channel to produce weekly short informative videos on popular Timeshare topics!

    Free memberships for every 50 subscribers!

    Visit TUG on Youtube!
  • TUG has now saved timeshare owners more than $24,000,000 dollars just by finding us in time to rescind a new Timeshare purchase! A truly incredible milestone!

    Read more here: TUG saves owners more than $24 Million dollars
  • Sign up to get the TUG Newsletter for free!

    Tens of thousands of subscribing owners! A weekly recap of the best Timeshare resort reviews and the most popular topics discussed by owners!
  • Our official "end my sales presentation early" T-shirts are available again! Also come with the option for a free membership extension with purchase to offset the cost!

    All T-shirt options here!
  • A few of the most common links here on the forums for newbies and guests!
  • The TUGBBS forums are completely free and open to the public and exist as the absolute best place for owners to get help and advice about their timeshares for more than 30 years!

    Join Tens of Thousands of other Owners just like you here to get any and all Timeshare questions answered 24 hours a day!

Lessons learned from fraudsters

D

DavidBr

TUG Member
Joined
Sep 13, 2010
Messages
21
Reaction score
16
Location
Maryland
Resorts Owned
Marriott Timber Lodge
Marriott Aruba Surf Club
Marriott Aruba Ocean Club
Marriott Cypress Harbor
I recently rented my two Aruba Surf Club weeks through an agent. All went well and I received my check. About a week later, I got an email from an attorney in NY who wanted to know if someone by the name of Nate Donaldson with an email of tim_donaldson@outlook.com was authorized to rent my timeshare to him. Obviously not, because I had never had any dealings with the guy. What was really interesting about this was that the guy had my reservation number and then sent a copy of the reservation (emailed through Marriott.com) to the potential renter. This looks completely legit, and the scammer then asks for money in exchange for "putting your name on the reservation." When I found out about this I wanted to change the reservation number immediately. However, owner services told me that can only be done if the reservation is canceled and rebooked and they couldn't guarantee that the week would come back in inventory to rebook. I eventually worked with someone from the corporate office that was able to do the cancellation and rebook to thwart the fraud.
So my lesson was: don't make reservations or rental arrangements on an unsecure network (I was at a different resort on Aruba at the time, where someone was apparently spoofing the Wifi with his own equipment). I will be even more careful not to give out the reservation number. The last thing I need is someone showing up in Aruba thinking they rented my timeshare and finding out they were scammed.
This took a huge amount of time to address, but I'm sure I'm not the first one to have this happen to. I will say that once I got to the right person at Marriott Vacations Worldwide, they were very responsive.
 
We've been having this same problem in the real estate world. You'll get an email that will say something like "your free Amazon gift card is attached". You click on the link and nothing comes up. What has happened is malware has been put on your computer. It lurks there monitoring your emails until it finds something of value. The cases we had were closing companies asking for wiring instructions from the seller to send the proceeds of a sale. The malware responds to the email to the closing company giving their own wiring instructions. The title company sends the proceeds of the sale to the bogus seller.
 
What was really interesting about this was that the guy had my reservation number and then sent a copy of the reservation (emailed through Marriott.com) to the potential renter.
Click to expand...

How did they email a confirmation FROM Marriott?

He would need more than just your reservation number to have access to your Acct.
 
On one of our real estate cases, the fraudster emailed a buyer wiring instructions to send their settlement funds. The email was an exact replica of the title company email complete
With logo, attorney's signature etc. They told us the malware monitors the emails and will replicate the email form used substituting their own wiring instructions.
 
DeniseM said:
How did they email a confirmation FROM Marriott?

He would need more than just your reservation number to have access to your Acct.
Click to expand...

If you go on to Marriott.com with a reservation number and the name associated with the reservation and the check-in date (you don't have to be logged in), you can usually bring up the reservation. Once that's done, you can then have the Marriott website email the reservation to anyone you choose. What's really nasty is that in the reservation is typically your email address. Try it out with some of your own reservations. I was shocked at how easy it was.
 
Last edited:
DeniseM said:
How did they email a confirmation FROM Marriott?

He would need more than just your reservation number to have access to your Acct.
Click to expand...

Email spoofing. Happened to our law firm recently. It sucks.
 
larryallen said:
Email spoofing. Happened to our law firm recently. It sucks.
Click to expand...

In this case, there was no need to do email spoofing. it was way simpler than that. As I said in my prior post, if someone has your reservation number, your name and your date of arrival, they can go on to Marriott.com (no login required-They don't need to get into your account) go to "view and manage reservations", bring up the reservation and then use the Marriott website to email the letterhead reservation to any third party. This third party will get an email from "do-not-reply@marriott.com" The Email subject will say "John Smith(johnsmith@youremail.com) sent you an email from www.marriott.com"
The email will contain all the details of your reservation.
 
I was on the Costco website last night and was transferred to a website that supposedly was a Costco survey. After answering a few suspicious questions I was presented the option to try 4-5 products for about a $5 'handling' charge each. None were things that I would expect Costco to offer. They looked more like the infomercial products you typically see. Therefore, I didn't take the bait. I doubt that Costco had anything to do with this, but it shows how easily visits to websites can be hijacked. Beware!
 
You must log in or register to reply here.
Top