Scammers targeting users on Airbnb have devised a new scheme involving fake technical issues and higher fees to redirect them to a spoofed Tripadvisor website, ultimately leading to stolen money. The discovery of this nefarious practice was made by researchers at Malwarebytes during an attempt to book an apartment through the popular platform.
The modus operandi of the scammers involves enticing potential victims with a listing that instructs them to contact the owner via email to inquire about availability. Upon receiving an email from the scammer, the victim is then directed to book the apartment through Tripadvisor, as per the scammer’s instructions.
To lend legitimacy to their ploy, the scammer sends a follow-up email that appears to be from Tripadvisor, prompting the victim to finalize the booking by clicking on shortened URLs provided in the initial email. Unbeknownst to the victim, these URLs lead to a counterfeit Tripadvisor website where they are prompted to input their payment card details.
Further investigation by the Malwarebytes researchers revealed the extent of the scam, with a total of 220 related websites identified. Of these, 26 were structured similarly to sites impersonating Tripadvisor, while 194 mimicked Airbnb-related domains.
In response to such fraudulent activities, Airbnb has issued warnings about the risks associated with off-platform transactions and payments. The company advises users against engaging in any form of off-site activity, including communication, sharing personal information, or making payments outside the platform. Only in cases where off-site payments have been pre-approved by Airbnb and communicated to guests in advance should such transactions be considered.
In addition, Airbnb provides guidance on how to recognize phishing emails and websites that impersonate their platform, listing official Airbnb domains for reference. The researchers from Malwarebytes emphasize the importance of remaining vigilant and not succumbing to the pressure of urgent demands created by scammers. They caution users to verify the legitimacy of websites before entering any personal or financial information to avoid falling victim to such scams.
It’s not just Airbnb users who are at risk of financial fraud through online bookings. A recent documented scam involved criminals compromising hotel accounts on platforms like Booking.com to target potential victims. By infiltrating these accounts, scammers were able to contact customers directly and steal their payment card information.
As the prevalence of online scams continues to rise, it is crucial for users to exercise caution and stay informed about potential threats. By remaining vigilant and following the security protocols established by online platforms, individuals can mitigate the risk of falling prey to malicious actors seeking to exploit unsuspecting victims for financial gain.