I recently received a scam email from Travellerspoint pretending to arrange lodging at an academic workshop I will be attending. Indeed, a search of "travellerspoint workshop scam" reveals many workshops throughout Europe have been subjected to this same scam. I've written to Travellerspoint but haven't heard from them yet. Anyone know anything?
Scam emails from Travellerspoint
Quoting niwrecs
I recently received a scam email from Travellerspoint pretending to arrange lodging at an academic workshop I will be attending.
That's unfortunate. Having known the owner of travellerspoint for nearly two decades, I can assure you that this email did not originate from here. It originated from a completely different website (see the next message). Anyone can pretend to send email from domains they don't control, and travellerspoint doesn't seem to have strong protection against this (@Peter: might be worth tightening SPF/DKIM settings?), but travellerspoint itself is not involved in such things.
I guess it's remotely possible that a very enterprising scammer has set up a personal blog on travellerspoint (that's one of the main functionalities offered by this site), and is linking to that in the scam email. We tend to be pretty good at detecting and removing questionable blogs, but it's always possible one slipped through. Could you send me a private message (click on my username, then the green "Message" button, or hover on my username, then the orange "Send Message" link) with both the full text of the scam email, and separately, all links included in it? If any turn out to indeed be hosted on travellerspoint, I can block them immediately.
Indeed, a search of "travellerspoint workshop scam" reveals many workshops throughout Europe have been subjected to this same scam.
When I do that search, I don't see any results showing reports about this at all. The worst I see is a 1-star trustpilot review saying that we're paranoid about spam (which yep, we are). Could you also send me a private message with a direct link to the search you're doing, and maybe one or two of the results you're seeing about such purported scams?
I've written to Travellerspoint but haven't heard from them yet. Anyone know anything?
The site has a pretty small team behind it these days, so it's possible your message was overlooked - or if you sent it only hours ago: simply that this was the middle of the night in Australia, where the owner lives.
[ Edit: Edited on 31 Mar 2023, 18:09 GMT by Sander ]
Ah, using google (not my common search engine, due to their privacy-violating policies), I found one report - at https://euromit2023.eu/2023/01/04/travellerpoint-spam/ - about a scam email purportedly originating from travellerpoint dot org. Carefully note the domain there. We're travellerspoint dot com, a completely different website. We have existed since 2002; travellerpoint dot org has existed since 2019 (though according to whois information; the domain was only registered in 2022 - pure speculation on my part, but maybe there was a legitimate site there in 2019, they disappeared due to covid, and now a scammer is squatting at the domain?)
Anyway, if I search specifically for "travellerpoint" (so without the s) "workshop scam", I indeed get many results. That sucks - but it really isn't us!
To close this out completely, could you please confirm that the scam email you got indeed also originated from this other website, travellerpoint dot org?
[ Edit: Edited on 31 Mar 2023, 18:08 GMT by Sander ]
Sander,
I've sent you two messages privately.
Steve
niwrecs shared a bit of the text of the scam email, where the scammer used a third domain, travellerspoint dot org (so with "s", but still ".org"). That domain doesn't host a website, but has an identical whois update date as travellerpoint dot org (without "s"), and they're both registered at namecheap. All other warnings from conferences about the scam which I could find (and which niwrecs linked; there are indeed many) point to travellerpoint dot org, so the usage of travellerspoint dot org seems to be a recent change.
In any case, there doesn't seem to be any direct scam attempt related to our website, travellerspoint.com - the scammers might be trying to piggyback on our reputation a bit, but I suspect the name clash with us is more likely to be coincidence.
[ Edit: Edited on 31 Mar 2023, 20:46 GMT by Sander ]
Hi all.
For the record, I've been corresponding with Sander about this issue. He's 100% right that
my post resulted from my erroneous assumption that travellerpoint.com, travellerspoint.com, and travellerspoint.org are the same company. They're not! The first and third are used by the scammer, whereas the second is completely legit and not involved in any scamming at all.
That said, I believe that 99% of people won't distinguish between travellerpoint.com, travellerspoint.com, and travellerspoint.org. So Travellerspoint may continue to be unfairly accused of scamming because of the recent activity of Travellerpoint.
>That said, I believe that 99% of people won't distinguish between travellerpoint.com, travellerspoint.com, and travellerspoint.org. So Travellerspoint may continue to be unfairly accused of scamming because of the recent activity of Travellerpoint.
Unfortunately, exactly the same applies to any other website.....and scammers have long been using this exact technique. It's certainly nothing new:it's the way of the modern world.
I've lost count of the number of reports I've seen over the years about people who've lost money by not carefully checking the url of a website, whether it's linked in an email/text message or appears in google results. In recent years in the UK this has happened with links/emails/texts purporting to be from Amazon and other delivery companies, the Post Office, the tax office, the Customs office, Covid compliance office (which never existed) etc etc All that needs to be done is to set up a fake site by adding/losing a letter and/or using .org instead of .com and suchlike.
Imo, stopping such scams is pretty much impossible: as soon as one is stopped another takes its place. So I feel the onus is on each and every one of us to double-check the url of any website/ sender of any email or text message before making assumptions or leaping to conclusions...and certainly before casting aspersions on a genuine website. Due diligence....
[ Edit: Edited on 1 Apr 2023, 19:04 GMT by leics2 ]
One last point illustrates the messiness of this situation.
Apparently, the URL travellerpoint.com (without s) redirects to travellerspoint.com (with s). If you don't believe it - or don't understand what this means - simply type the first address into a browser. Your browser will instead open the second address.
Usually, this means a company has purchased both domains just in case someone mistypes their company's name. Did Travellerspoint do this? I assume so.
Yes, I own travellerpoint.com and travelerspoint.com (single l) as I think these are close enough to the actual domain name to warrant purchasing them. Both of those should redirect here. I also own travellerspoint.org, with a double l as it seemed like it could be useful one day. Clearly I don't own the single l variant of that though.
If I had unlimited money, I might own more, but consider that there are hundreds of TLDs (.com, org. info, .io, .net, etc) and then at least 3 or 4 popular misspellings, you could see that this means owning thousands of domain names and paying the registration for each of them every year which is prohibitively expensive.
I'm happy to leave this thread up. Hopefully if someone is searching for "Travellerspoint scam" they come across it and can understand the situation a bit better. You're actually not the first person to get in touch with me about this, so clearly it's hitting a lot of people.