Airbnb customers are being targeted by a phishing scam that seeks to exploit the incoming General Data Protection Regulation (GDPR), cybersecurity company Redscan said on Thursday.

Scammers are posing as legitimate businesses in email communications, taking advantage of the fact that businesses are actively seeking fresh consent from users ahead of the May 25 GDPR implementation deadline.

The email asks users to update their personal information (through a malicious link) so that they can continue to use Airbnb services.

Mark Nicholls, Director of Cyber Security at Redscan, said in an emailed statement: “The irony won’t be lost on anyone that cybercriminals are exploiting the arrival of new data protection regulations to steal people’s data.”

He added: “Using current events and trends as bait for social engineering attacks is a common tactic. Scammers know that people are expecting exactly these kinds of emails this month and that they are required to take action.”

Airbnb: Phishermen Not Welcome

Airbnb said: “These emails are a brazen attempt at using our trusted brand to try and steal users’ details, and have nothing to do with Airbnb. We’d encourage anyone who has received a suspicious-looking email to report it to our Trust and Safety team on report.phishing@airbnb.com.”

Businesses and customers are being advised to be extra vigilant as GDPR approaches. Phishing scams can often be discerned by scrutinising the domain and email address attached to incoming mail. Cybercriminals often use slightly altered domains and addresses to fool users into believing they are communicating with an official company channel. Airbnb variations can look like @mail.airbnb.work, in contrast to the company’s official address, @Airbnb.com.
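The domain check described above can be automated in a mail filter or triage script. The following is an added example, not code from Redscan or Airbnb: the function names and the sample From headers are constructed for illustration, and the only official domain assumed is the one named in this article.

```python
from email.utils import parseaddr

OFFICIAL_DOMAINS = {"airbnb.com"}  # the official domain named in the article
BRAND = "airbnb"                   # brand string to look for in look-alikes

# Constructed sample From headers (not taken from real phishing mail).
SAMPLES = [
    "Airbnb <noreply@airbnb.com>",
    "Airbnb <support@mail.airbnb.work>",
    "Airbnb <gdpr@airbnb.com.account-update.example>",
    "Airbnb Support <help@notairbnb.com>",
    "Airbnb Trust <update@secure-login.example>",
    "Newsletter <news@shop.example>",
]


def sender_domain(from_header):
    """Return the lower-cased domain of the From address, or '' if unusable."""
    _name, addr = parseaddr(from_header)
    if addr.count("@") != 1:
        return ""
    return addr.rsplit("@", 1)[1].rstrip(".").lower()


def classify_sender(from_header):
    """Classify a From header as official, lookalike, unrelated or invalid."""
    name, _addr = parseaddr(from_header)
    domain = sender_domain(from_header)
    if not domain:
        return "invalid"
    # Official only on an exact match or a true subdomain: the leading dot
    # stops 'notairbnb.com' from passing as 'airbnb.com'.
    if any(domain == d or domain.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return "official"
    # Brand in the domain or display name, but not an official domain.
    if BRAND in domain or BRAND in name.lower():
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):10} {header}")
```

The From header can be forged, so an "official" result here only means the visible address is not a look-alike; sender authentication results (SPF, DKIM, DMARC) are still needed to trust the message.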

“Modern phishing campaigns are becoming increasingly difficult to spot and people need to be extra vigilant when opening emails and clicking links, since it’s important to ensure they originate from a trusted source,” Mark Nicholls added.

Other key variances to watch out for in your inbox are changes or inconsistencies in a brand logo, such as incorrect colour or font type. Spelling mistakes can also help to distinguish a real communication from a phishing attempt.

Phishing attacks continue to be a severe and common threat to companies and their customers, with even the largest IT companies reporting data breaches through such attacks. The start of this year saw Facebook and Google confirm that they were the target of a $100 million phishing scam by Evaldas Rimasauskas, who posed as an Asian manufacturing company.

The UK National Audit Office believes that around £14.8 billion was stolen from UK customers through phishing in 2017.