Hi Clare,

You've provided some helpful tips, but they don't necessarily address my biggest concerns. I do have all notifications turned on - it's how I immediately discovered and responded to my account being taken over. But the notification are only as effective as the subsequent actions taken by Airbnb and host. Let me explain further: 

 After I notified Airbnb that I was not responsible for the change of email, I didn't receive a response. So I called Customer Experience an hour later. This action resulted in my issue getting "escalated." I asked several questions to gain better understanding of the issue including what I should/could do to help. I was advised to do nothing and wait, while given the option to decline requests if I felt like it. So at this point, all of the onus has been on me. Which is fine, but knowing that taking action is up to me is invaluable and timely information.

Three more calls to Customer Experience and nine hours later my issue was still waitlisted and a service rep informed that he could get me back into the account so I could reset my e-mail and password. This floored me.  One, that it was still waitlisted seemed like a very lax stance on protecting personal information (whoever was in my account had access to my name, birthdate, address, phone number, email, pictures of me and my PayPal account all day!). Two, if I had the option to get back into my account and protect it myself it seems that would be the FIRST and foremost recommendation any service rep would make to me. Many companies feel a responsibility to take assertive action and contact their customers straight away, rather than waiting for customers to reach out, knowing that protections and swift action in identity vulnerability and fraud issues benefit everyone involved. 

I still can't imagine why it took so long for me to find out more about the goings on. To the annoyance of everyone I spoke to, I asked numerous probing questions trying to seek guidance from the Airbnb support team, only to find out several hours later that you had sound advice in your back pocket all along. I still don't have clarity about what happened. I don't know what Airbnb knows about account takeovers that they didn't share with me; only that they did not seem to find it urgent (based on actions, not words). If Airbnb has good reason not to be alarmed, certainly concerned customers could benefit from learning why not.

It's clear that your Customer Experience staff are well trained. Not one of them strayed from the script they've been given and they all seemed aware of their limitations to escalate an urgent issue any further. In order to better protect your users and their identities, I strongly recommend training staff to be more forthcoming in matters like this about how much action Airbnb can and will take, in what kind of time frame they may do it, and what the user can do to help their situation. WHY wouldn't you?!

😞 This is really troubling, especially how many people get hacked--whether in the classic sense or, usually, not. Phishing is a huge enough problem that you at this point can't just blame the account holder. In my most recent experience, I flagged a scammer trying to coax me off site. It took Airbnb at least a day to delete or suspend that account.

@Paige6 I can certainly understand your frustration and concern about your Airbnb account being compromised as it is a scary experience having a stranger rummaging around your personal details.   Hopefully your account is now secure.  The only reason I knew to take the actions I recommended to you was from reading other posts by hosts who were familiar with this sort of scam.  

In reading your response, I'm not real clear when you say "you" and "your"  whether you are referring to me or Airbnb.  I agree that Airbnb should show more concern and give more guidance to affected users when scammers invade accounts like they apparently did yours.  That said, it seems that all has been restored to normalcy which is the ultimate goal.  

If you have changed your passwords for both your Airbnb account and your email account,  you have done the equivalent of changing the locks on your house to prevent any further intrusions.  I'm not sure what more Airbnb can do other than to provide assurance that this is all you need to do. 

One thing you need to be cognizant of is that Airbnb is just a peer to peer platform that hosts and guests use to connect with each other.  Unlike, a bank which has fraud detection systems, Airbnb has no way of knowing an account has been compromised until a user reports it.  So in a sense the burden is on the user to take whatever steps are necessary to protect their own account including how to recognize phishing attempts.  I agree with you that the first and immediate action Airbnb should take in these cases is to inform users what step to take to regain control of their accounts.  

As to not having clarity about what happened, accounts are compromised by a phishing scammer getting  account information, not from Airbnb, but by some inadvertant action on the part of the user.  Scammers are extremely sophisticated in luring users into giving up information they shouldn't.  Even a simple public tweet to Airbnb revealing an email address can result in phishing attempts to the user within minutes.   Airbnb cannot stop phishing attempts.  They can only give warnings about them.  If I didn't provide this before, here is an Airbnb help article about recognizing legitimate communication from Airbnb: 

https://www.airbnb.com/help/article/971/how-do-i-know-if-an-email-is-really-from-airbnb

Hopefully this gives you useful information to help you keep your account secure in the future.  Feel free to ask more questions if you have them.  

@Clare0

Sorry! I wasn't sure if you represent Airbnb so I may have used "you" and "your" incorrectly when addressing the entity. 

Having changed my "locks" has returned things to normal as far as I can see. If, however, someone does have my personal information and plans to use it for identity fraud scams, then my problems have not yet begun. And not knowing that is part of what makes this so nerve-wracking. 

You hit the gist of it here when you said, "I'm not sure what more Airbnb can do other than to provide assurance that this is all you need to do." This assurance is what has been missing.

Thanks again for your tips on protection and for the necessary reminder that Airbnb is merely a third party platform. I appreciate the time you've taken in communicating with me on this.

@Paige6 He, he, no, I'm just a run of the mill host, not an Airbnb staffer.  Regarding your concern about identity theft,  you should know that Airbnb's website which contains your identification, payout account info and other personal details is secure.  A successful scammer can change this info using phished information to redirect communication, etc., but they are not able to access the the hosts' original information on the website itself.  

Usually compromised accounts are used as  vehicles to set up fraudulent listings intended to scam other users, not the owner of the compromised account.  That said, I would still be vigilant for any unusual activity on your payout account. 

Here's a perfect example of a host's compromised account being used to scam potential guests.  While it is not unusual for hosts to live in a country other than where their listing is located, it is not common.  In this case the listing is in Miami and the host is from the UK. 

www.airbnb.com/rooms/11391594

How do I know it's a scam?  The picture encouraging guests to communicate off site by email is typical.  Once communication is established by email, the "host"  then asks guests to pay by bank wire transfer (essentially cash) and the guest gets nothing.  It is unknowable whether the real host is aware their account has been compromised and used for fraud.  Guests who are unaware of the importance of communicating and paying through Airbnb's website are victimized by these criminals.  And it all starts with a user responding to a phishing attempt. 

Don't worry, I will be flagging this listing and Airbnb will remove it.  I've flagged over 150 of these types of listings and no longer keep count.  

So long as you are vigilant and keep your personal information confidential, you'll be fine.  

I wish you the best and hope that 2016 is a very profitable year for you!

Hi 

I had a similar situation happen to me in June. It took airbnb 3 weeks to let me back into my account. I called their contect centre but they are  powerless as it is another department. The department dealing with it refused to update the contact centre for 3 weeks. The only way I got it resolved was to go onto airbnb social media and start complaining.

B

Have you tried contacting them on twitter or on the phone?

Here's a how-to guide you might find helpful:

https://community.airbnb.com/t5/Hosts/Contact-Airbnb-A-Community-Help-Guide/m-p/16165#M23397

Best of luck and I wouldn't cancel anything just yet.