Another phishing came!! Be very careful and never input your credential to any other sites


Of course, when I click the link, sure enough it is an Airbnb sign-on page, which is intended to steal my credentials....


Airbnb, please warn hosts about this as it is very bad....

Sarah977
Level 10
Sayulita, Mexico

@Eddie9  Never click on any link in an Airbnb message from a guest. Even if you didn't sign in to that box on the link, they could still get your info because you clicked on it from your hosting account. This exact same scam wording has been posted here by other hosts. This isn't Airbnb customer service, but a discussion forum for hosts and guests. You need to immediately change your password and report this message directly to Airbnb, so they can disable the account it was sent from.

It is mainly a phishing attack, but not a CSRF attack as far as I know. The URL is not within the domain airbnb.com or withairbnb.com (both are the official domains of Airbnb), so my browser will not send my host account cookie to them. That should be fine.

I have reported this message to Airbnb already. But you are right, in general, one should not click any link because of CSRF (although I am sure Airbnb engineers should have the CSRF token or SameSite flag set up correctly to mitigate that).
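
The cookie-scoping argument in the reply above, as an added example that is not part of the original thread: it applies the RFC 6265 domain-match rule to a link's host to show which hosts a cookie scoped to an official domain would be sent to. The two domains are the ones named in that reply; the function names and sample URLs are constructed for illustration.

```javascript
// Added example: RFC 6265 section 5.1.3 domain-match applied to link hosts.
// OFFICIAL_DOMAINS are the two domains named in the reply above (assumption:
// taken from the post, not verified here). Sample URLs are constructed.
const OFFICIAL_DOMAINS = ["airbnb.com", "withairbnb.com"];

// Canonical host of a link, or null if it is unparseable or not http(s).
function hostOf(link) {
  try {
    const u = new URL(link);
    if (u.protocol !== "https:" && u.protocol !== "http:") return null;
    // Lower-case and drop a trailing root dot ("airbnb.com." == "airbnb.com").
    return u.hostname.toLowerCase().replace(/\.$/, "");
  } catch {
    return null;
  }
}

// True when a cookie scoped to cookieDomain would be sent to host:
// identical, or a subdomain (suffix preceded by "."), and not an IP literal.
function domainMatch(host, cookieDomain) {
  if (host === cookieDomain) return true;
  const isIp = /^\d+(\.\d+){3}$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + cookieDomain);
}

// The official domain the link's host falls under, or null if none.
function matchedOfficialDomain(link) {
  const host = hostOf(link);
  if (host === null) return null;
  return OFFICIAL_DOMAINS.find((d) => domainMatch(host, d)) ?? null;
}

// Constructed samples: one genuine-looking host and common lookalike shapes.
const SAMPLES = [
  "https://www.airbnb.com/rooms/1",          // subdomain of official domain
  "https://airbnb.com.example.test/login",   // official name used as a prefix
  "https://airbnb.com@example.test/login",   // official name in userinfo
  "https://notairbnb.com/login",             // suffix without the dot boundary
];

for (const link of SAMPLES) {
  console.log(link, "->", matchedOfficialDomain(link) ?? "no official domain");
}
```

A null result means the session cookie is not sent to that host; it says nothing about what the page does with credentials typed into it.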

Katrina79
Level 10
Saskatchewan, Canada

Heads up, I just received one of these messages. I didn’t bother using the link they sent, but I did compare it to my listing links and it’s definitely a fake designed to steal my log-in info. Reported to Airbnb. This is the first time I’ve received a scam message, how often do other hosts receive messages like this? 

@Eddie9  Thank you! @Katrina79  I have only gotten one or two in 6 years. I get more scammers than real bookings on VRBO/HomeAway, so many that I actually have a canned response.