View all newsletters
Receive our newsletter – data, insights and analysis delivered to you

Airbnb Customers Target of Phishing Scam

"A brazen attempt at using our trusted brand"

By CBR Staff Writer

Airbnb customers are being targeted by a phishing scam that seeks to exploit the incoming General Data Protection Regulation (GDPR), cybersecurity company Redscan said on Thursday.

Scammers are posing as legitimate business in email communications, taking advantage of the fact that businesses are actively seeking fresh consent from users ahead of the May 25 GDPR implementation deadline.

The email requests users to update their personal information (through a malicious link) in order that they can continue to use Airbnb services.

Mark Nicholls Director of Cyber Security at Redscan said in an emailed statement: “The irony won’t be lost on anyone that cybercriminals are exploiting the arrival of new data protection regulations to steal people’s data.”

He added: ‘’Using current events and trends as bait for social engineering attacks is a common tactic. Scammers know that people are expecting exactly these kinds of emails this month and that they are required to take action’’

Airbnb: Phishermen Not Welcome

Airbnb said: “These emails are a brazen attempt at using our trusted brand to try and steal user’s details, and have nothing to do with Airbnb. We’d encourage anyone who has received a suspicious looking email to report it to our Trust and Safety team on report.phishing@airbnb.com.’’

Content from our partners
Incumbent banks must transform at speed, or miss the benefits of open banking
Leverage cloud and expertise to optimise engagements from onboarding to conclusion
How enterprises can best prepare for finance digitalisation

Businesses and customers are being advised to be extra vigilant as GDPR approaches. Phishing scams can often be discerned by scrutinising the domain and email address attached to incoming mail. Cybercriminals often use slightly altered domains and address to fool users into believing they are communicating with an official company channel. Airbnb variations can look like @mail.airbnb.work in contrast to the companies official address @Airbnb.com.

“Modern phishing campaigns are becoming increasingly difficult to spot and people need to be extra vigilant when opening emails and clicking links, since it’s important to ensure they originate from a trusted source.,’’ Mark Nicholls added.

Other key variances to watch out for in your inbox are changes or inconsistencies in a brand logo, such as incorrect colour or font type.  Spelling mistakes can also help in identifying a real communication form a phishing attempt.

Phishing cybersecurity attacks continue to be a severe and common threat to companies and their customers, with even the largest IT companies reporting data breaches through such attacks. The start of this year saw Facebook and Google confirm that they were the target of a $100 million phishing scam by Evaldas Rimasauskas who posed as an Asian manufacturing company.

The UK National Audit Office believes that around £14.8 billion was stolen from UK customers through phishing in 2017.

Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy
SUBSCRIBED

THANK YOU