Post by High Priestess on Nov 21, 2015 17:03:13 GMT
This thread on the new Airbnb groups is a good example of the kind of strategy hackers are using to try to hack your account:
community.airbnb.com/t5/General-Hosting/Real-link/m-p/3419#U3419
Host shared Nov 20 2015
Real link?
I received this message today, I wondered what people thought? Should I open the link?
Thanks
Hello,
My name is_________ , I need your room is possible ?
I have see on airbnb same apartment but is other host , How is it possible ?
Here is other host
www.room92913.build/Airbnb
I will wait your Reply
Thank You!
Clare (clare)
Report it right away to Airbnb and let them take a look. It's possible that someone has hacked your listing. Do it now!
Deborah (High Priestess)
If you know anything about hacking, you will realize that this is a hacker website....any website address that has "Airbnb" in it but it is not the real Airbnb website, it is a hacker website, set up to engage in phishing! Airbnb website always starts with "https" --not http -- indicating it is a SECURE website, and starts with www.airbnb.com or www.airbnb.co.uk, www.airbnb.co.fr, etc for different nations .
THis is doubtless a phishing site, set up for the sole purpose of perpetrating crimes -- getting hosts to go to a fake Airbnb page and be prompted to log in, thinking they are on the AIrbnb page, and then enter their account info, which is copied by the phishing site, so they steal your log in info, and then they hack your account and can either use it to steal your money or create additional phishing posts to try to lure other hosts in so they can steal yet more info. Phishing and hacked accounts are a real problem for Airbnb, so hosts must take care and use common sense.
Report this immediately to AIrbnb. HEre's what I got when I typed in that address and tried to go to that site -- this notification about the danger of this site comes from Google, I believe. Which indicates that Airbnb may actually already know about this phishing site and have reported it -- but you should report it anyway. Just click on the flag icon in the upper right corner of the message you got from the guest., to flag it to Airbnb to evaluate. WHat I don't understand is how these links are coming through the system, because the Airbnb message system is supposed to block links from guests who haven't booked yet, except for those which are really on the Airbnb website.
Clare (clare)
Deborah, you are more intrepid than I...I wasn't about to click on that link. One question remains, though. Should the real host do anything like change passwords, etc. ? If her listing got hacked, somehow the hacker got her info to do it. I'd be interested in Airbnb's instructions.
Deborah (High Priestess)
Clare -- the hackers send you this link only because they WANT to hack into your account, not because they have already done so. If they had already hacked your account they would not be sending you messages. Once they hack your account, they don;'t want you to know about that -- if you know about it, you will take steps to repossess your account and lock them out.
THere is no point in hackers contacting you after they have hacked your account, unless, (as we see in some sad cases) the hacker is actually holding your account or whole computer ransom, and is asking you to pay them a fee to restore the functioning of your computer to you! That does happen sometimes when people are tricked into downloading something onto their computer that they shouldn't -- eg they receive a message, ostensibly from an antivirus program company, saying their computer is at risk and they need to fix that by intsalling a program. Their computer is not at risk if they ignore this hacker message, but once they download the hacker software, their computer can be held hostage.
Sometimes clicking on a link does introduce a virus into your computer, but one has to think about what the hacker's goal is. WIth Airbnb hosts, the hacker's goal is not to just play pranks and put a virus on their computer. The goal is to steal their account info -- which they do by prompting hosts to log in on fake Airbnb pages. So by and large, the main things we have to beware of as hosts, is being prompted to log in on fake Airbnb pages.
Clare (clare)
What alarmed me is that there was a duplicate apartment listing but with a different host name. If Sophie's actual account wasn't hacked, how did the hacker get her listing info and, get it on Airbnb to boot.
Deborah (High Priestess)
Clare, the business about the duplicate listing and different host name is all phony.!!! THERE IS NO DUPLICATE LISTING!!! (There is no other host copying their listing!! )THis is all a fiction by the hacker to create a sense of alarm in the host so they fall prey to the hacker.
The whole point of the hacker is to come up with some ploy (in this case, the fiction that someone else copied their listing -- in other cases, it has been a ploy to ask host to go to a link that will supposedly help them be a superhost in 4 days) to get the host to do what they want, which is to visit their link and log in. SO with this fiction, they create a sense of urgency and alarm in a host, so that they don't think about what they are doing, but end up logging into a fake Airbnb page because they think someone else copied their listing.
Point being, the story that is presented is beside the point, it is all fake. The whole point is that you are being sent a link that the hacker wants you to think is the AIrbnb site so you log in. THey will come up with a thousand different ways to get you to do that. You need to see through all this and realize what they are trying to do. Eg you need to not miss the forest (the hacker luring you into the phishing site) for the trees (the particular one of any of a thousand fictional stories the hacker may present in order to get you to do that).
To make the host believe the "guest" more readily, hackers will often use AIrbnb accounts that they have already hacked into, to contact other hosts. That way, the host thinks the person contacting them "must be real" because they see the person has 23 reviews, or whatever, and a real listing with real reviews. That guest is real, but the person contacting you is not that guest, it's the hacker who hacked their account and is using their account now to lure others into their phishing site so that they can expand their arsenal of hacked accounts.
I'm not clear how Sophie got the message, whether through Airbnb messaging (eg as we do from any guest, when they inquire with us) or whether she got this to her private email only. sophie can you let us know how you got this message? In your Airbnb account or on your private email only?
Host
Hi both,
Thanks so much,
Yes this was sent to me through Airbnb with a requested date. I will report it now! Although I find it really difficult to ever get in touch with Airbnb!!
I assumed they wanted me to login so I havent done anything yet.
Thanks guys x
Deborah
That's what I thought, that the message was sent thru regular Airbnb messaging.
Thanks for reporting it, Sophie. I also sent this info to Airbnb so they can get right on it. In general it is important to report these phishing attempts right away so Airbnb can get their phishing website shut down right away, to lessen the likelihood of other hosts falling prey to them.
Posted 4m ago
community.airbnb.com/t5/General-Hosting/Real-link/m-p/3419#U3419
Host shared Nov 20 2015
Real link?
I received this message today, I wondered what people thought? Should I open the link?
Thanks
Hello,
My name is_________ , I need your room is possible ?
I have see on airbnb same apartment but is other host , How is it possible ?
Here is other host
www.room92913.build/Airbnb
I will wait your Reply
Thank You!
Clare (clare)
Report it right away to Airbnb and let them take a look. It's possible that someone has hacked your listing. Do it now!
Deborah (High Priestess)
If you know anything about hacking, you will realize that this is a hacker website....any website address that has "Airbnb" in it but it is not the real Airbnb website, it is a hacker website, set up to engage in phishing! Airbnb website always starts with "https" --not http -- indicating it is a SECURE website, and starts with www.airbnb.com or www.airbnb.co.uk, www.airbnb.co.fr, etc for different nations .
THis is doubtless a phishing site, set up for the sole purpose of perpetrating crimes -- getting hosts to go to a fake Airbnb page and be prompted to log in, thinking they are on the AIrbnb page, and then enter their account info, which is copied by the phishing site, so they steal your log in info, and then they hack your account and can either use it to steal your money or create additional phishing posts to try to lure other hosts in so they can steal yet more info. Phishing and hacked accounts are a real problem for Airbnb, so hosts must take care and use common sense.
Report this immediately to AIrbnb. HEre's what I got when I typed in that address and tried to go to that site -- this notification about the danger of this site comes from Google, I believe. Which indicates that Airbnb may actually already know about this phishing site and have reported it -- but you should report it anyway. Just click on the flag icon in the upper right corner of the message you got from the guest., to flag it to Airbnb to evaluate. WHat I don't understand is how these links are coming through the system, because the Airbnb message system is supposed to block links from guests who haven't booked yet, except for those which are really on the Airbnb website.
Clare (clare)
Deborah, you are more intrepid than I...I wasn't about to click on that link. One question remains, though. Should the real host do anything like change passwords, etc. ? If her listing got hacked, somehow the hacker got her info to do it. I'd be interested in Airbnb's instructions.
Deborah (High Priestess)
Clare -- the hackers send you this link only because they WANT to hack into your account, not because they have already done so. If they had already hacked your account they would not be sending you messages. Once they hack your account, they don;'t want you to know about that -- if you know about it, you will take steps to repossess your account and lock them out.
THere is no point in hackers contacting you after they have hacked your account, unless, (as we see in some sad cases) the hacker is actually holding your account or whole computer ransom, and is asking you to pay them a fee to restore the functioning of your computer to you! That does happen sometimes when people are tricked into downloading something onto their computer that they shouldn't -- eg they receive a message, ostensibly from an antivirus program company, saying their computer is at risk and they need to fix that by intsalling a program. Their computer is not at risk if they ignore this hacker message, but once they download the hacker software, their computer can be held hostage.
Sometimes clicking on a link does introduce a virus into your computer, but one has to think about what the hacker's goal is. WIth Airbnb hosts, the hacker's goal is not to just play pranks and put a virus on their computer. The goal is to steal their account info -- which they do by prompting hosts to log in on fake Airbnb pages. So by and large, the main things we have to beware of as hosts, is being prompted to log in on fake Airbnb pages.
Clare (clare)
What alarmed me is that there was a duplicate apartment listing but with a different host name. If Sophie's actual account wasn't hacked, how did the hacker get her listing info and, get it on Airbnb to boot.
Deborah (High Priestess)
Clare, the business about the duplicate listing and different host name is all phony.!!! THERE IS NO DUPLICATE LISTING!!! (There is no other host copying their listing!! )THis is all a fiction by the hacker to create a sense of alarm in the host so they fall prey to the hacker.
The whole point of the hacker is to come up with some ploy (in this case, the fiction that someone else copied their listing -- in other cases, it has been a ploy to ask host to go to a link that will supposedly help them be a superhost in 4 days) to get the host to do what they want, which is to visit their link and log in. SO with this fiction, they create a sense of urgency and alarm in a host, so that they don't think about what they are doing, but end up logging into a fake Airbnb page because they think someone else copied their listing.
Point being, the story that is presented is beside the point, it is all fake. The whole point is that you are being sent a link that the hacker wants you to think is the AIrbnb site so you log in. THey will come up with a thousand different ways to get you to do that. You need to see through all this and realize what they are trying to do. Eg you need to not miss the forest (the hacker luring you into the phishing site) for the trees (the particular one of any of a thousand fictional stories the hacker may present in order to get you to do that).
To make the host believe the "guest" more readily, hackers will often use AIrbnb accounts that they have already hacked into, to contact other hosts. That way, the host thinks the person contacting them "must be real" because they see the person has 23 reviews, or whatever, and a real listing with real reviews. That guest is real, but the person contacting you is not that guest, it's the hacker who hacked their account and is using their account now to lure others into their phishing site so that they can expand their arsenal of hacked accounts.
I'm not clear how Sophie got the message, whether through Airbnb messaging (eg as we do from any guest, when they inquire with us) or whether she got this to her private email only. sophie can you let us know how you got this message? In your Airbnb account or on your private email only?
Host
Hi both,
Thanks so much,
Yes this was sent to me through Airbnb with a requested date. I will report it now! Although I find it really difficult to ever get in touch with Airbnb!!
I assumed they wanted me to login so I havent done anything yet.
Thanks guys x
Deborah
That's what I thought, that the message was sent thru regular Airbnb messaging.
Thanks for reporting it, Sophie. I also sent this info to Airbnb so they can get right on it. In general it is important to report these phishing attempts right away so Airbnb can get their phishing website shut down right away, to lessen the likelihood of other hosts falling prey to them.
Posted 4m ago