Bogus login for Airbnb spotted in the wild by security researcher Malwarebytes
Security researcher Malwarebytes has discovered a phishing scam that steals the login credentials of Airbnb users.
Airbnb is a hugely popular website for travellers to find and rent short-term lodging.
But now it seems that even this shareconomy service is open to being exploited, after Malwarebytes said in a blog posting that it had seen a fake Airbnb login asking for credentials hosted on a compromised car rental service website. That car rental site is now apparently offline.
“The page asked visitors to ‘Login with your Airbnb account’, offering them username and password fields to fill out,” said Malwarebytes. It said that there was no “https / green padlock on display in the URL bar”, which indicated straight away that it was a bogus login screen.
The URL itself also raised alarm bells, as it was very long, meaning that it presented a bigger danger to mobile users who would be unable to see the entire URL due to their limited screen size.
The motives behind this particular phishing scam seem unclear, but Malwarebytes warned it could be to do with an advance fee scam. This is where someone sends the scammer money (usually via wire transfer), in return for a service or product that never actually arrives.
Alternatively, it could be a travel scam, said Malwarebytes. This is where the scammer puts pressure on the victim to secure the “amazing” advertised property using unusual payment methods (bitcoins etc).
“Those would seem to be the most likely candidates – steer people away from the safety of the official website, and the sky’s the limit in terms of how you can try and part people from their money (and all too often, there’s no way to get it back),” said Malwarebytes.
“You should never discount the value of a phished login,” said Malwarebytes. “There’s always something to be gained by a spot of credential pilfering, so please be cautious around any Airbnb-themed emails inviting you to login and / or confirm your account details.”
Last month GetSafeOnline, the government-backed cybersecurity body, warned that the UK had seen a significant rise in phishing attacks during 2015 as cybercriminals increasingly targeted consumers with online scams.
It found that phishing attacks rose 21 percent during 2015, costing British consumers a total of £174.4m over the course of the year.
And last November Symantec warned of a gang conducting phishing email campaigns that targeted organisations in the United Arab Emirates (UAE), Bahrain, Turkey and Canada.
Those emails claimed to contain information that can help the user avoid potential attacks by militants in their area.