This is a scam. There are several red flags. With one of them, I’d be highly suspicious. With the trifecta, it’s definitely a scam.
company.com
and company.eu
), but those are often legitimate. Often it adds something to the company name, e.g. here company-eu.com
vs company.com
.Note that this is not a problem with HomeAway. The scammer is impersonating HomeAway.
You may report the scam to HomeAway. Realistically, there isn’t much they can do, other than put up a warning about scams on their web page. They may be able to shut down that particular domain, but a domain is extremely cheap. Shutting down a scammer usually requires tracking them through multiple jurisdictions and is hard.
This situation has a couple strong parallels to common housing scams.
Rental scam #1 – the cloned listing
This is one of the most popular Craigslist rental scams, perhaps because it’s so cheap to execute.
The scammer copies and pastes information from a legitimate rental ad, and then offers a price that’s literally “too good to be true.”
If you respond to the fake ad, the scammer may invite you to drive by the property to view the exterior. What they will not do is give you a tour of the interior. That’s because they are “on vacation” or otherwise unavailable to show the place.
I found many "out of town" landlords when I was apartment hunting recently, and while I don’t know for sure whether they were fraudulent (I steered clear), I would be highly suspicious of agreeing to such an arrangement without being able to physically tour the apartment.
Just looking at the domain name:
Whereas:
A legitimate website normally creates a subdomain (i.e. eu.homeaway.com), or they use homeaway.com for emails but add a slash in their website (i.e. homeaway.com/eu), or lastly might buy a different domain name still preserving the name (i.e. homeaway.eu – though I don’t know whether this is an official one). In this case, having a domain like “homeaway-eu.com” and using a different registrar seems fishy.
I would get in contact with the real homeaway.com by either an email or phone number on their website to confirm any details before transferring money. Otherwise, I would simply say ABORT.
EDIT: Also, by looking at the SSL certificate of homeaway.com, these are the official domains allowed to be used with that certificate:
abritel.fr
aluguetemporada.com.br
bedandbreakfast.com
clearstay.com
escapia.com
fewo-direkt.de (and luxus.fewo-direkt.de)
homeaway.at
homeaway.ca (and fr.homeaway.ca)
homeaway.co.nz (and www.homeaway.co.nz)
homeaway.co.uk (and luxury.homeaway.co.uk)
homeaway.com (and www.homeaway.com; investors.homeaway.com; professionalreferral.homeaway.com; software.homeaway.com; tech.homeaway.com)
homeaway.com.ar
homeaway.com.au
homeaway.com.co
homeaway.com.mx
homeaway.de (and www.homeaway.de)
homeaway.dk
homeaway.es
homeaway.fi
homeaway.fr (and www.homeaway.fr)
homeaway.gr
homeaway.ie
homeaway.it
homeaway.jp (and www.homeaway.jp)
homeaway.lk (and www.homeaway.lk)
homeaway.mx
homeaway.nl
homeaway.no
homeaway.pl
homeaway.pt
homeaway.se
homeaway.sg (and www.homeaway.sg)
homelidays.com
homelidays.es
homelidays.fr
homelidays.it
ownersdirect.co.uk
stayz.com (and www.stayz.com)
stayz.com.au
travelmob.com (and www.travelmob.com; au.travelmob.com; de.travelmob.com; es.travelmob.com; fr.travelmob.com; it.travelmob.com; uk.travelmob.com)
vacationrentals.com
vrbo.com (and traveler.vrbo.com)
www.homeaway.co.id
www.homeaway.co.in
www.homeaway.co.kr
www.homeaway.co.th
www.homeaway.com.cn
www.homeaway.com.my
www.homeaway.com.ph
www.homeaway.com.sg
www.homeaway.com.vn
www.homeaway.hk
www.homeaway.tw
Credit:stackoverflow.com‘