Post by High Priestess on Mar 1, 2016 5:24:54 GMT
Here is a post about Phishing on Home Sharers of San Francisco in Oct 2013: It includes correspondence from AIrbnb Trust and Safety team so there is good info:
www.airbnb.com/groups/content/content-16980
Paul shared 2 years ago
Paul
Phishing trip - be careful with requests
Hi from Sydney,
Not sure if anyone stateside has had this recently but five people in the Sydney Hosts Communith have had fake approaches. Mine was from 'Susan' in Boston wanting a two week $1700 stay in May. She said that she wanted one of my places and put in a link to it which I thought was weird. I decided to click on is as I'm on a mac and less liable for viruses. But it took me to a log in screen and as I was already logged in, I knew this was fake. Closed the window, logged off, disconnected from the net, booted the iPad up again and contacted Customer Support. Yep, it was phishing. I posted on out local forum and at least five have had similar messages in 48 hours. Anything like this in SF?
Cheers,
Pau
16 comments•3 likes
Follow
Like
Gayle
Peter
Lynn
Cecilia (Gina)
Cecilia (Gina)2 years ago
Not yet, Paul, but thanks for the heads up!
Reply Like
Peter
Peter2 years ago
Ditto.
Reply Like
David & Violette
David & Violette2 years ago
I had this message last week. I did not click the link. I responded asking for more info. I received a message from Airbnb letting me know that this was a false message and the original message and thread were removed from my inbox. First time this ever happened to me.
David
Reply Like
Latasha
Latasha2 years ago
Hi Paul, I don't live in San Fran, but the same happened to me a few days ago also a few months ago. I also opened the link but did not sign in. Wish I would have rebooted though.
Customer service contacted me on both occasions to let me know it was some kind of scam to obtain my info. The email was very informative. I could post it if anyone's interested.
Reply Like
Geo
Geo2 years ago
As well a big thank you!!!!
Smiles
Reply Like
Paul
Paul2 years ago
One of the other Sydney hosts suggested that anyone who gets as far as clicking the link - even if you don't enter any details - should change their password. I did this as it is easy and just one more step of protection. They also suggested logging in with a new email which I think I will do and only have Airbnb mail come to it anyway.
Reply Like
Latasha
Latasha2 years ago
Oh wow! Thanks for the advice!
Reply Like
Lynn
Lynn2 years ago
yes - please post Airbnb phishing advice
Reply Like
Latasha
Latasha2 years ago
Dear Latasha,
I am reaching out to you because another Airbnb member has requested to communicate with you away from our secure message system. At Airbnb, we do everything we can to create a safe and trusted marketplace. Very rarely, fraudulent individuals misuse our site and our brand in the attempt to obtain offsite payment or gain access to one’s account by communicating via personal email or phone, and we wanted to alert you to the possibility of such a scam.
Contact information should never be exchanged prior to having an accepted booking. When guests book through Airbnb, their payment is held for 24 hours after check-in. The host’s contact information and listing address are only shared with guests with an accepted reservation. This process allows us to protect the safety and privacy of both hosts and guests.
All legitimate Airbnb user communications and payments will take place on our website. Any paper or PDF invoice requesting payment via bank transfer, Western Union, MoneyGram, or similar offsite vendor should be immediately flagged and ignored. For an example of what a flag looks like and further information on how you can report suspicious activity, please see our FAQ: www.airbnb.com/help/question/4.
Again, we are very sorry for the inconvenience, as this is not what the Airbnb community is about. If you have any further questions or concerns, please visit our Trust Center on how to protect yourself as a member and have a wonderful experience using Airbnb: www.airbnb.com/trust
Best Regards,
Kari
Airbnb Trust and Safety Team
Reply Like 1 like
Latasha
Latasha2 years ago
I had questions and here's the follow up emails.
Reply Like
Latasha
Latasha2 years ago
Hello Latasha,
Thanks for getting back to us! My name is Danielle and I am part of the Trust & Safety team here at Airbnb.
Please accept my apologies for any concern caused by this notification. Hopefully I can clarify the situation for you. Unfortunately, you were contacted through our site by an account under the name of Cai, this is a legitimate user, however, their account had been compromised by someone who may have been trying to gain other hosts private login details. Since the profile is currently removed from our site for review, so is the message thread in question. I'm sorry for any inconvenience or confusion caused.
On a related note, I would like to take the opportunity to recommend the following best practices in order to preserve your account's security, and operate safely online. Some of this you may be familiar with already, so please forgive me if I am telling you something you already know!
1. Never enter your login credentials on an unsecured webpage, or when prompted by a suspicious email, only when https:// is displayed in your browser.
2. Do not click any links, or download attachments, from unverified sources. These may be ‘phishing’ emails created in an attempt to obtain personal information. Such emails will contain malware or other suspicious software, designed to gather information from your device.
3. Install a pop-up blocker from a trustworthy source, and install a personal firewall and antivirus software. Remember to run scans for viruses and malware frequently.
4. Change your passwords frequently. The best kind of password will contain a combination of letters, numbers and symbols, and is not shared across any accounts.
Please rest assured that I've reviewed your account and confirmed that it is secure. Remember to keep all communication and transactions on Airbnb so that you can be assured of both our protections, and some of the measures we take - such as verified ID - to help provide the very best possible experience. For more information, please visit our Help Center: www.airbnb.com/help/topic/140.
Again, we are very sorry for this unsettling experience, as this is not what the Airbnb community is about. We encourage you to periodically visit the Trust Center for suggestions on how you can best protect yourself as an Airbnb user: www.airbnb.com/trust. Please let us know if you have any additional questions or concerns - we’re happy to provide further information!
Best regards,
Danielle B
www.airbnb.com/help
Reply Like 1 like
Latasha
Latasha2 years ago
Hello Latasha,
As long as you did not enter any of your personal information after opening the link you do not need to worry. At this time since, those accounts have been removed we are not releasing any account information since the account was initally for a legitimate user, however, had been compromised by another user looking to obtain other hosts personal information.
Here are some tips on what you can do to stay safe:
You should always sign in via a secure connection, and we ask you to ensure that the address in your browser is exactly like this "https://www.airbnb.com" It should also show a little padlock symbol to indicate the secure connection.
Phishing is the process whereby a malicious third party attempts to trick you into providing information that they shouldn't have. For instance, someone could send you an email pretending to be from Airbnb and asking you to click on a link to a page where you sign in and check your account.
When you click this link you are then directed to a website that may look like Airbnb; however, it is being controlled by a third party and when you enter your Airbnb email and password they store this information and use it for malicious purposes.
So how do you defend against phishing? Vigilance. Whilst SPAM filters and other filters are increasingly effective there will always be some emails that get through. But by increasing your awareness and alertness when confronted with these fake emails or malicious sites you can use simple steps to defeat their attempts.
Emails that have a false sense of urgency, for instance "Unless you click this link your Airbnb account will be disabled", or "Your account has been compromised, click here to view details" are both examples of asking you to act in haste without verifying the source.
If an email is asking you to perform an action on your account, don't follow the links on the email but instead type " www.airbnb.com"; into your browser and go to your account directly from Airbnb website.
If you arrive at a website, through a link or some other such redirection ensure that it says airbnb.com in the URL and does not contain within the web address additional characters or words. For instance, airbnb.com/bya or Airbnb1.com are both invalid web addresses. And remember, if you do think that your account has been compromised or even suspect it, then go to airbnb.com and change your password immediately.
As always, please do not hesitate to contact us if you have further questions or concerns.
Best,
Danielle B
www.airbnb.com/help
Reply Like 1 like
Latasha
Latasha2 years ago
Hope it helps!
Reply Like 1 like
Peter
Peter2 years ago
Thanks Latasha. Online security is something constantly on my mind. I'm currently corresponding with the Products Team at Airbnb to try and organize a meeting on the subject. Look out for a notice in January or February on a Home Sharers meeting on online security, scams, hackers, phishing - how to identify them and how to avoid them.
Reply Like
Latasha
Latasha2 years ago
Okay, I will!! Will there be online access to the meeting? Would also like to hear/see/get notes from the Tax meeting in December.
I'm in NYC so can't be there physically.
Reply Like
Alexa
Alexa2 years ago
Thanks for the info Paul & to everybody too! I will keep an eye on that. I guess the best approach is don't click on any links (just like what I do with my regular emails).
Reply Like
Deborah
www.airbnb.com/groups/content/content-16980
Paul shared 2 years ago
PaulPhishing trip - be careful with requests
Hi from Sydney,
Not sure if anyone stateside has had this recently but five people in the Sydney Hosts Communith have had fake approaches. Mine was from 'Susan' in Boston wanting a two week $1700 stay in May. She said that she wanted one of my places and put in a link to it which I thought was weird. I decided to click on is as I'm on a mac and less liable for viruses. But it took me to a log in screen and as I was already logged in, I knew this was fake. Closed the window, logged off, disconnected from the net, booted the iPad up again and contacted Customer Support. Yep, it was phishing. I posted on out local forum and at least five have had similar messages in 48 hours. Anything like this in SF?
Cheers,
Pau
16 comments•3 likes
Follow
Like
Gayle
Peter
Lynn
Cecilia (Gina)
Cecilia (Gina)2 years ago
Not yet, Paul, but thanks for the heads up!
Reply Like
Peter
Peter2 years ago
Ditto.
Reply Like
David & Violette
David & Violette2 years ago
I had this message last week. I did not click the link. I responded asking for more info. I received a message from Airbnb letting me know that this was a false message and the original message and thread were removed from my inbox. First time this ever happened to me.
David
Reply Like
Latasha
Latasha2 years ago
Hi Paul, I don't live in San Fran, but the same happened to me a few days ago also a few months ago. I also opened the link but did not sign in. Wish I would have rebooted though.
Customer service contacted me on both occasions to let me know it was some kind of scam to obtain my info. The email was very informative. I could post it if anyone's interested.
Reply Like
Geo
Geo2 years ago
As well a big thank you!!!!
Smiles
Reply Like
Paul
Paul2 years ago
One of the other Sydney hosts suggested that anyone who gets as far as clicking the link - even if you don't enter any details - should change their password. I did this as it is easy and just one more step of protection. They also suggested logging in with a new email which I think I will do and only have Airbnb mail come to it anyway.
Reply Like
Latasha
Latasha2 years ago
Oh wow! Thanks for the advice!
Reply Like
Lynn
Lynn2 years ago
yes - please post Airbnb phishing advice
Reply Like
Latasha
Latasha2 years ago
Dear Latasha,
I am reaching out to you because another Airbnb member has requested to communicate with you away from our secure message system. At Airbnb, we do everything we can to create a safe and trusted marketplace. Very rarely, fraudulent individuals misuse our site and our brand in the attempt to obtain offsite payment or gain access to one’s account by communicating via personal email or phone, and we wanted to alert you to the possibility of such a scam.
Contact information should never be exchanged prior to having an accepted booking. When guests book through Airbnb, their payment is held for 24 hours after check-in. The host’s contact information and listing address are only shared with guests with an accepted reservation. This process allows us to protect the safety and privacy of both hosts and guests.
All legitimate Airbnb user communications and payments will take place on our website. Any paper or PDF invoice requesting payment via bank transfer, Western Union, MoneyGram, or similar offsite vendor should be immediately flagged and ignored. For an example of what a flag looks like and further information on how you can report suspicious activity, please see our FAQ: www.airbnb.com/help/question/4.
Again, we are very sorry for the inconvenience, as this is not what the Airbnb community is about. If you have any further questions or concerns, please visit our Trust Center on how to protect yourself as a member and have a wonderful experience using Airbnb: www.airbnb.com/trust
Best Regards,
Kari
Airbnb Trust and Safety Team
Reply Like 1 like
Latasha
Latasha2 years ago
I had questions and here's the follow up emails.
Reply Like
Latasha
Latasha2 years ago
Hello Latasha,
Thanks for getting back to us! My name is Danielle and I am part of the Trust & Safety team here at Airbnb.
Please accept my apologies for any concern caused by this notification. Hopefully I can clarify the situation for you. Unfortunately, you were contacted through our site by an account under the name of Cai, this is a legitimate user, however, their account had been compromised by someone who may have been trying to gain other hosts private login details. Since the profile is currently removed from our site for review, so is the message thread in question. I'm sorry for any inconvenience or confusion caused.
On a related note, I would like to take the opportunity to recommend the following best practices in order to preserve your account's security, and operate safely online. Some of this you may be familiar with already, so please forgive me if I am telling you something you already know!
1. Never enter your login credentials on an unsecured webpage, or when prompted by a suspicious email, only when https:// is displayed in your browser.
2. Do not click any links, or download attachments, from unverified sources. These may be ‘phishing’ emails created in an attempt to obtain personal information. Such emails will contain malware or other suspicious software, designed to gather information from your device.
3. Install a pop-up blocker from a trustworthy source, and install a personal firewall and antivirus software. Remember to run scans for viruses and malware frequently.
4. Change your passwords frequently. The best kind of password will contain a combination of letters, numbers and symbols, and is not shared across any accounts.
Please rest assured that I've reviewed your account and confirmed that it is secure. Remember to keep all communication and transactions on Airbnb so that you can be assured of both our protections, and some of the measures we take - such as verified ID - to help provide the very best possible experience. For more information, please visit our Help Center: www.airbnb.com/help/topic/140.
Again, we are very sorry for this unsettling experience, as this is not what the Airbnb community is about. We encourage you to periodically visit the Trust Center for suggestions on how you can best protect yourself as an Airbnb user: www.airbnb.com/trust. Please let us know if you have any additional questions or concerns - we’re happy to provide further information!
Best regards,
Danielle B
www.airbnb.com/help
Reply Like 1 like
Latasha
Latasha2 years ago
Hello Latasha,
As long as you did not enter any of your personal information after opening the link you do not need to worry. At this time since, those accounts have been removed we are not releasing any account information since the account was initally for a legitimate user, however, had been compromised by another user looking to obtain other hosts personal information.
Here are some tips on what you can do to stay safe:
You should always sign in via a secure connection, and we ask you to ensure that the address in your browser is exactly like this "https://www.airbnb.com" It should also show a little padlock symbol to indicate the secure connection.
Phishing is the process whereby a malicious third party attempts to trick you into providing information that they shouldn't have. For instance, someone could send you an email pretending to be from Airbnb and asking you to click on a link to a page where you sign in and check your account.
When you click this link you are then directed to a website that may look like Airbnb; however, it is being controlled by a third party and when you enter your Airbnb email and password they store this information and use it for malicious purposes.
So how do you defend against phishing? Vigilance. Whilst SPAM filters and other filters are increasingly effective there will always be some emails that get through. But by increasing your awareness and alertness when confronted with these fake emails or malicious sites you can use simple steps to defeat their attempts.
Emails that have a false sense of urgency, for instance "Unless you click this link your Airbnb account will be disabled", or "Your account has been compromised, click here to view details" are both examples of asking you to act in haste without verifying the source.
If an email is asking you to perform an action on your account, don't follow the links on the email but instead type " www.airbnb.com"; into your browser and go to your account directly from Airbnb website.
If you arrive at a website, through a link or some other such redirection ensure that it says airbnb.com in the URL and does not contain within the web address additional characters or words. For instance, airbnb.com/bya or Airbnb1.com are both invalid web addresses. And remember, if you do think that your account has been compromised or even suspect it, then go to airbnb.com and change your password immediately.
As always, please do not hesitate to contact us if you have further questions or concerns.
Best,
Danielle B
www.airbnb.com/help
Reply Like 1 like
Latasha
Latasha2 years ago
Hope it helps!
Reply Like 1 like
Peter
Peter2 years ago
Thanks Latasha. Online security is something constantly on my mind. I'm currently corresponding with the Products Team at Airbnb to try and organize a meeting on the subject. Look out for a notice in January or February on a Home Sharers meeting on online security, scams, hackers, phishing - how to identify them and how to avoid them.
Reply Like
Latasha
Latasha2 years ago
Okay, I will!! Will there be online access to the meeting? Would also like to hear/see/get notes from the Tax meeting in December.
I'm in NYC so can't be there physically.
Reply Like
Alexa
Alexa2 years ago
Thanks for the info Paul & to everybody too! I will keep an eye on that. I guess the best approach is don't click on any links (just like what I do with my regular emails).
Reply Like
Deborah
Michel
