This thread on the new Airbnb groups is a good example of the kind of strategy hackers are using to try to hack your account: community.airbnb.com/t5/General-Hosting/Real-link/m-p/3419#U3419
THis message was sent to a host:
My name is _____ , I need your room is possible ?
I have see on airbnb same apartment but is other host , How is it possible ?
Here is other hostwww.room92913.build/Airbnb
I will wait your Reply
How I responded:
If you know anything about hacking, you will realize that this is a hacker website....any website address that has "Airbnb" in it but it is not the real Airbnb website, it is a hacker website, set up to engage in phishing! Airbnb website always starts with "https" --not http -- indicating it is a SECURE website, and starts with www.airbnb.com
, etc for different nations .
THis is doubtless a phishing site, set up for the sole purpose of perpetrating crimes -- getting hosts to go to a fake Airbnb page and be prompted to log in, thinking they are on the AIrbnb page, and then enter their account info, which is copied by the phishing site, so they steal your log in info, and then they hack your account and can either use it to steal your money or create additional phishing posts to try to lure other hosts in so they can steal yet more info. Phishing and hacked accounts are a real problem for Airbnb, so hosts must take care and use common sense.
Report this immediately to AIrbnb. HEre's what I got when I typed in that address and tried to go to that site -- this notification about the danger of this site comes from Google, I believe. Which indicates that Airbnb may actually already know about this phishing site and have reported it -- but you should report it anyway. Just click on the flag icon in the upper right corner of the message you got from the guest., to flag it to Airbnb to evaluate. WHat I don't understand is how these links are coming through the system, because the Airbnb message system is supposed to block links from guests who haven't booked yet, except for those which are really on the Airbnb website. Attachment Deleted
Things to keep in mind: the hackers send you this link only because they WANT to hack into your account, not because they have already done so. If they had already hacked your account they would not be sending you messages. Once they hack your account, they don;'t want you to know about that -- if you know about it, you will take steps to repossess your account and lock them out.
THere is no point in hackers contacting you after they have hacked your account, unless, (as we see in some sad cases) the hacker is actually holding your account or whole computer ransom, and is asking you to pay them a fee to restore the functioning of your computer to you! That does happen sometimes when people are tricked into downloading something onto their computer that they shouldn't -- eg they receive a message, ostensibly from an antivirus program company, saying their computer is at risk and they need to fix that by intsalling a program. Their computer is not at risk if they ignore this hacker message, but once they download the hacker software, their computer can be held hostage.
Sometimes clicking on a link does introduce a virus into your computer, but one has to think about what the hacker's goal is. WIth Airbnb hosts, the hacker's goal is not to just play pranks and put a virus on their computer. The goal is to steal their account info -- which they do by prompting hosts to log in on fake Airbnb pages. So by and large, the main things we have to beware of as hosts, is being prompted to log in on fake Airbnb pages.
NOte that business about the duplicate listing and different host name is all phony.!!! THERE IS NO DUPLICATE LISTING!!!
(There is no other host copying their listing!! )THis is all a fiction by the hacker to create a sense of alarm in the host so they fall prey to the hacker.
The whole point of the hacker is to come up with some ploy (in this case, the fiction that someone else copied their listing -- in other cases, it has been a ploy to ask host to go to a link that will supposedly help them be a superhost in 4 days) to get the host to do what they want, which is to visit their link and log in. SO with this fiction, they create a sense of urgency and alarm in a host, so that they don't think about what they are doing, but end up logging into a fake Airbnb page because they think someone else copied their listing.
Point being, the story that is presented is beside the point, it is all fake. The whole point is that you are being sent a link that the hacker wants you to think is the AIrbnb site so you log in. THey will come up with a thousand different ways to get you to do that. You need to see through all this and realize what they are trying to do. Eg you need to not miss the forest (the hacker luring you into the phishing site) for the trees (the particular one of any of a thousand fictional stories the hacker may present in order to get you to do that).
To make the host believe the "guest" more readily, hackers will often use AIrbnb accounts that they have already hacked into, to contact other hosts. That way, the host thinks the person contacting them "must be real" because they see the person has 23 reviews, or whatever, and a real listing with real reviews. That guest is real, but the person contacting you is not that guest, it's the hacker who hacked their account and is using their account now to lure others into their phishing site so that they can expand their arsenal of hacked accounts.
Something that I think would be very helpful for all hosts to keep in mind, is that anyone contacting you with a message that has a phishing site link in it , or a "fake" Airbnb link, and telling a story to get you to go to that link, is a criminal. No real guest will be sending you a link to a criminals' website. Similarly, we have seen cases of messages posted on the old Airbnb host community groups (and it's possible some may get posted on these groups too) which are posted by criminals, and these messages contain links to these "fake" Airbnb sites. These messages may say things like "Tricks to become a Superhost in 4 days!" Or "Secrets on how to make a huge amount of money as a host!", or the like. Something that basically sounds unlikely and scammy, but naive hosts may fall for it.
In general, a good guideline for hosts, is to be aware that if someone is telling some sort of story and asking you to visit a link that seems to be a fake Airbnb site because the link has the word "Airbnb" in it, but it isnt' the real Airbnb address (which as a host it pays for you to know), then you should be cautious.
As I mentioned, these criminals are largely not out to spread viruses -- if that were their only goal, they would not be seeking Airbnb hosts specifically, they could email anyone at all with links that cause problems if you click on them. Rather, they are seeking to send hosts to fake Airbnb websites, designed to look just like the Airbnb log-in page, to lure hosts to log in with their account info there, so they can steal your email and account password, and then gain access to your account. THere are numerous types of crimes they can commit once they do that, from using a real Airbnb users' account to contact someone like Sophie to try to lure more hosts in, to stealing money from the host's account, to setting up fake listings and trying to get lure guests to pay them offsite and steal money that way.