Log In  
Help

Email scam! Help!

‎30-07-2018 08:59 PM
Paola698
Level 1
Muralto, Switzerland
‎30-07-2018 08:59 PM

Email scam! Help!

Dear all,

 

My mom just received an email with subject "Pending: Reservation Request" from Ferdnando (Airbnb) on her email inbox and she clicked on "view and reply" on the email. This link lead to her airbnb profile (she's a host) but she was a bit confused because no booking had been made on her house.

Of course, after I saw the email, I immediately understood it was a scam, but this was only hours after she clicked on the link.

 

Now we are a bit insecure because we are afraid some informaitons from her account might have been stolen. I looked up everywhere to have an Airbnb support per phone but nothing showed up.

Should we be scared? Shall we suspend our bank account or something?

I already changed the password, but I'm a bit afraid this can't be very helpful.

 

Any suggestion will be appreciated. Thank you!

‎30-07-2018 08:59 PM
Reply
0 Likes
10 Replies 10
‎30-07-2018 09:24 PM
Matthew285
Level 10
SF, CA
‎30-07-2018 09:24 PM

@Paola698 it is good that you are being cautious and vigilant about security.

 

Do you think the email somehow caused her login information to be compromised?

From your description, if the email link directed her to her host account: what it actually a link to Airbnb, or a link to a fake site that asked her to enter her username and password?

 

By the way: if someone else gained access to her account, it would not let them discover her banking information. (This is why your own banking information is never displayed in full, even to the legitimate user.) It only lets them *change* the information to something else (perhaps to direct the money to themselves). This (along with booking travel on your behalf) is the big financial danger.

 

If the email link did not try to get your mom's login information, what do you think they were trying to accomplish?

 

‎30-07-2018 09:24 PM
Reply
0 Likes
‎30-07-2018 09:45 PM
Paola698
Level 1
Muralto, Switzerland
In response to Matthew285
‎30-07-2018 09:45 PM

Dear Matthew,

 

Thank you for your helpful answer.

Actually when she clicked on the link it asked her to login to airbnb but once she log in she was directed to the app (she's working on her iphone).

Once on the app she had the inbox open with "all messages have been read".

That's very strange because at the end of the email you can see a signature from proudphuket.com (4 stars hotel).

 

Do you think if we delete our bank account and insert it again + changing the password, all should be fine?

‎30-07-2018 09:45 PM
Reply
0 Likes
‎31-07-2018 07:25 AM
Matthew285
Level 10
SF, CA
In response to Paola698
‎31-07-2018 07:25 AM

@Paola698 so it does sound like the link sent her to a web site that asked for her login credentials?

 

BTW: you can post the link here if you want (we promise not to click on it). That might help determine what is going on.

 

If you were able to change the password to something new, then I would imagine deleting the banking information and inserting it again would indicate things were fine.

 

Of course, I imagine you are going to keep a close eye on your payments, to make sure they get to you properly.

 

‎31-07-2018 07:25 AM
Reply
0 Likes
‎30-07-2018 10:09 PM
Letti0
Level 10
Atascosa, TX
‎30-07-2018 10:09 PM

@Paola698 I would change the password on someone elses computer or phone. Run a virus and malware program for a full scan on both her phone and laptop/computer. It could be a key logger or something else. Also when logged in on someone elses phone verify that the last 4 digits that show are her actual bank account, so you know whether someone changed the payout method. Make sure the virus/malware defintions are current before scanning. 

‎30-07-2018 10:09 PM
Reply
0 Likes
‎30-07-2018 10:30 PM
Paola698
Level 1
Muralto, Switzerland
In response to Letti0
‎30-07-2018 10:30 PM

Dear Letitia,

 

Thank you so much for your kind help.

Yes, we changed all passwords from my PC twice. I will now go through scan on our devices.

And yes, her bank account is still correct on the profile.

 

Very helpful, thanks a lot!

 

‎30-07-2018 10:30 PM
Reply
0 Likes
‎18-08-2018 11:17 PM
Hevi0
Level 2
‎18-08-2018 11:17 PM

Airbnb!

You have spoofed sites and we've been duped by these fake web sites!

The help lines on their fake web site are directly connected to you.

When we click on the link, you come back to help us.

How is this possible?
Are you planning to do something about this?

We will include you in the litigation process.

 

‎18-08-2018 11:17 PM
Reply
0 Likes
‎18-08-2018 11:40 PM
Matthew285
Level 10
SF, CA
In response to Hevi0
‎18-08-2018 11:40 PM

@Hevi0 Seriously?!

You are going to blame Airbnb because some criminals set up a fake web site and include Airbnb’s phone number on the fake site?

So if I set up a fake medical clinic and put your phone number on the door, it will be your fault?

 

Airbnb does a lot of things I don’t agree with, but even I don’t blame them for the actions of people who have no connection to the company.

‎18-08-2018 11:40 PM
Reply
‎19-08-2018 12:10 AM
Ana1136
Level 10
Ohrid, Macedonia (FYROM)
In response to Matthew285
‎19-08-2018 12:10 AM

@Matthew285 Agree! @Hevi0 What does Airbnb have to do with people setting up fake web sites? It is not like they support or encourage them. People set up all kinds of fake web sites, not just Airbnb, it is a very common scam, it is up to us to recognize the real from the fake ones. It is like getting angry at the "prince of india" because he didn't give you one milion dollars like prommised if you click on the link in the fake e-mail.

‎19-08-2018 12:10 AM
Reply
‎19-08-2018 11:03 AM
Hevi0
Level 2
In response to Ana1136
‎19-08-2018 11:03 AM

I'm not talking about just copying a phone number on this site. There's no phone on the fake site. You are clicking for help on a link and talking with real Airnbnb staff. Is that normal? Would you not complain if others are bothering you because somebody wrote your number on fake sites? Why is such an established organization doing nothing on this issue? Would you like your name to be used by others and make a fraudulent?

‎19-08-2018 11:03 AM
Reply
0 Likes
‎21-08-2018 03:06 AM
Matthew285
Level 10
SF, CA
In response to Hevi0
‎21-08-2018 03:06 AM

@Hevi0 all the criminals have to do to provide a link to real Airbnb staff is to copy the link to Airbnb support. This is no more complicated that copying a phone number.

 

Here's an example:

Right now, I am providing a link to your Amazon order history: 

https://www.amazon.com/gp/css/order-history

 

Click on that link and you are miraculously looking at your personal Amazon order history.

That must mean I must have some link to Amazon, right?

 

And why isn't Amazon doing something to stop me?

 

Please realize that anyone can set up a web site and pretend to be someone else. And, because of the way the internet works, it can be very difficult if not impossible to stop them.

Plus, even if you somehow get that one fake site removed, it can take all of 30 minutes to set up another one.

 

(Source: I manage networks and web servers.)

 

The primary defense against these fake sites is knowledge on the part of the customer. 

 

No, Airbnb doesn't like people making fake Airbnb sites. But they fight it by continuously trying to educate their customers.

 

https://www.airbnb.com/help/article/1519/someone-sent-me-a-link-to-airbnb--how-can-i-tell-if-it-s-re...

 

https://www.airbnb.com/help/article/971/how-do-i-know-if-an-email-is-really-from-airbnb

 

 

‎21-08-2018 03:06 AM
Reply

More from Help

Explore Resource Center articles