CyberCrimeSecuritySecurity Management

Phishing Scam Grabs Airbnb Logins

Tom Jowitt is a leading British tech freelance and long standing contributor to TechWeek Europe

Google + Linkedin Subscribe to our newsletter Write a comment

Bogus login for Airbnb spotted in the wild by security researcher Malwarebytes

Security researcher Malwarebytes has discovered a phishing scam that steals the login credentials of Airbnb users.

Airbnb is a hugely popular website for travellers to find and rent short-term lodging.

Login Theft

But now it seeks that even this shareconomy service is open to be exploited, after Malwarebytes said in a blog posting that it had seen a fake Airbnb login asking for credentials hosted on a compromised car rental service website. That car rental site is now apparently offline.

“The page asked visitors to “Login with your Airbnb account”, offering them username and password fields to fill out,” said Malwarebytes. It said that there was no “https / green padlock on display in the URL bar”, which indicated straight away that it was a bogus login screen.

The URL itself also raised alarm bells, as it was very long, meaning that it presented a bigger danger to mobile users who would be unable to see the entire URL due to their limited screen size.

airbnbOnce a Airbnb user entered their login details, they were then directed to a web page thanking them for confirming their login details. From there, they’d be sent to the genuine Airbnb webpage.

The motives behind this particular phishing scam seem unclear, but Malwarebytes warned it could be to do with an advance fee scam. This is where someone sends the scammer money (usually via  wire transfer), in return for a service or product that never actually arrives.

Alternatively, it could be a travel scam, said Malwarebytes. This is where the scammer puts pressure on the victim to secure the “amazing” advertised property using unusual payment methods  (bitcoins etc).

“Those would seem to be the most likely candidates – steer people away from the safety of the official website, and the sky’s the limit in terms of how you can try and part people from their money (and all too often, there’s no way to get it back),” said Malwarebytes.

“You should never discount the value of a phished login,” said Malwarebytes. “There’s always something to be gained by a spot of credential pilfering, so please be cautious around any Airbnb-themed emails inviting you to login and / or confirm your account details.”

Phishing Scams

Last month GetSafeOnline, the government-backed cybersecurity body, warned that the UK had seen a significant rise in phishing attacks during 2015 as cybercriminals increasingly targeted consumers with online scams.

It found that phishing attacks rose 21 percent during 2015, costing British consumers a total of £174.4m over the course of the year.

And last November Symantec warned of a gang conducting phishing email campaigns that targeted organisations in the United Arab Emirates (UAE), Bahrain, Turkey and Canada.

Those emails claimed to contain information that can help the user avoid potential attacks by militants in their area.

Are you a security pro? Try our quiz!