The upcoming General Data Protection Regulation (GDPR) privacy laws threaten with severe penalties to demand personal information from Airbnb users. The interest on the subject is very high among professionals and companies operating in various industries, it’s normal that crooks will try to take advantage of this situation.
Airbnb, like many other companies, is sending emails to inform users of changes in the privacy law according to the upcoming GDPR.
Cybercriminals are targeting Airbnb users demanding personal information and financial data referencing the GDPR.
Experts from Redscan are monitoring a spam campaign targeting Airbnb users with spam messages like the following one:
“This update is mandatory because of the new changes in the EU Digital privacy legislation that acts upon United States-based companies, like Airbnb in order to protect European citizens and companies,” reads the spam message according to the Redscan.
The extent of the campaign is still unclear, crooks are targeting businesses’ email addresses taken online.
The phishing messages pretend to be a GDPR information request sent by Airbnb to hosts of the service.
“The irony won’t be lost on anyone that cybercriminals are exploiting the arrival of new data protection regulations to steal people’s data,” Skynews cited Redscan Director of Cybersecurity Mark Nicholls Nicholls as saying.
The phishing emails use a simple as effective social engineering trick, the message informs hosts they can’t accept new bookings or contact potential guests until they accept their organizations are not compliance to the GDPR.
Malicious email uses a domain that could appear as legitimate, according to Redscan, in this campaign, hackers rather than the legitimate @airbnb.com domain used the @mail.airbnb.work domain.
If the victims click the malicious link embedded in the email, they redirected to phishing page designed to request victims both personal and financial information.
“Modern phishing campaigns are becoming increasingly difficult to spot and people need to be extra vigilant when opening emails and clicking links, since it’s important to ensure they originate from a trusted source.” said Mark Nicholls, Redscan’s director of cybersecurity.
It is important to highlight, that GDPR notifications sent by companies to its customers don’t ask for users’ credentials, so be careful and stay vigilant.
“These emails are a brazen attempt at using our trusted brand to try and steal users’ details and have nothing to do with Airbnb. We’d encourage anyone who has received a suspicious looking email to report it to our Trust and Safety team on firstname.lastname@example.org , who will fully investigate. We provide useful information on how to spot a fake email on our help center and work closely with external partners to report and help remove fake Airbnb websites.” reads the Airbnb Spokesperson.
We provide important information or actions for users in the Airbnb dashboard — which is located in Your Account.
(Security Affairs – GDPR, phishing)