This article will help you identify scam messages and calls to ensure you and your guests’ information remains safe.

Phishing, smishing, and vishing are scams that trick users into handing over sensitive personal information or money:

  • Phishing refers to scam emails. Phishing may occur with other preliminary scamming maneuvers.
  • Smishing (SMS phishing) refers to scam texts or WhatsApp messages.
  • Vishing refers to scam phone calls.

To report any kind of scam attacks, select Contact Us at the bottom of this article.


Phishing is a widespread scam that involves impersonating someone or assuming a false identity online. Using a fake email address, profile, or ad, criminals encourage victims to visit a malicious website to capture sensitive personal information. They may also trick victims into sending money via a third-party website or any another means.

For example, an email from what looks like a legitimate company encourages you to select (click on) a link that takes you to a fake webpage. You’ll then be asked to submit sensitive information, such as passwords, usernames, or bank details.

If your email account is compromised, criminals can intercept inquiries from guests and request booking payments without your knowledge. Your guests could lose money and you could lose bookings.


Victims of smishing receive an SMS or WhatsApp message pressuring them to take immediate action. The message may urge victims to select a link which takes them to a fake website or call or text a phone number, which is often answered by an automated response system.

Victims are asked to provide private information, such as passwords or credit card information.


Vishing or Voice Phishing is when a fraudster creates an automated voice system to make voice calls to trick victims into handing over private information. The voice call creates a sense of urgency, encouraging vishing victims to hand over sensitive information. It’s important to note that it's easy for a scammer to create a fake caller ID to pretend to be someone else. Hang up and don’t provide any sensitive information.

Protecting your privacy

We protect your privacy and help prevent fraud by using anonymous email addresses from: “@messages.Vrbo.com.”

Anonymous email addresses hide your real email address during the initial exchange between you and prospective guests via your Vrbo account. This prevents criminals from discovering your email address and using it to fraudulently communicate with, and request payments from guests.

Follow the tips to better identify scams:

  • Incorrect or strange URL: If you’re trying to log into a website that you frequently use but notice that something seems different, double-check the URL, and go to the actual website’s web address rather than follow a link. Also, ensure that the URL begins with “https://” and not http://.
  • Request for communication or payment outside the platform: Be wary if you’re asked to communicate outside the platform. You may be encouraged to make a payment or money transfer outside of the platform's secure payment system.
  • Misspelled words or incorrect grammar: Fake websites or phishing emails often contain several misspellings and incorrect grammar. Note these details to help you identify scams.
  • Fake platform emails: Some scammers may send fake emails imitating our platform brands asking you to pay for a rental by transfer or credit card outside of the secure payment system. This is definitely a fake email that you should report to us immediately. We will never ask you to make a payment outside of our secure system.
  • Low resolution images: The images and photos might be of a lower resolution or quality than you would expect from a legitimate business.
  • Urgent request for banking information: Be wary of an email or website that urges you to provide sensitive information, such as your banking information. A legitimate bank or business won’t ask for sensitive information via email.
  • Not a secure website: Look for a Lock symbol in the URL bar. If you select the lock symbol, you can verify that a security certificate was issued to that site, identifying it as a legitimate and trusted website.