
Be aware of phishing at airbnb - jalapl
Having heard good opinions about Airbnb, I recommended it to my girlfriend looking for holiday accommodation in Spain. I personally have never used Airbnb before but having good experience both with 9flats and booking.com so far, I did not expect anything bad could actually happen. Airbnb claims they verify all of their hosts as the other similar websites, so booking a home should be as easy as possible.<p>After she had chosen a perfect home nearby Barcelona, she started having a conversation with the host. For users&#x27; convenience Airbnb provides a possibility to answer the messages sent from their website directly via email. It indeed makes the whole conversation easier (you do not need to log in every time you want to answer the message) however it increases the chance of fraud bookings.<p>The host was indeed sending the answers via Airbnb until he sent last one including booking details (usual emails from airbnb are sent from express@airbnb.com, his email was express@e-airbnb.com). Provided URL was also redirecting e-airbnb.com instead of airbnb.com. The website was looking exactly as airbnb does and included all booking and payment details. All the other links available on this fraud website were redirecting to real airbnb website.<p>Unfortunately, she has done the payment via Moneygramm (as it was described in the payment details) and since then there has been no contact with the host.<p>Airbnb has been also informed about this issue. As they guarantee hosts&#x27; verification I would expect them to get more interested in this case. Sadly, it took them 2 days to apologise and it seems like they do not take any responsibility for their hosts ....<p>Hopefully, thanks to this post at least one person will save his money while booking on airbnb. We have lost almost 2k euro ...
======
sentientmachine
Also watch out for a bait and switch on Airbnb. I'm actually sitting in a nice
apt now from airbnb. So I am happy with it. But there is another host who is
trying to get me for an $1800 cleaning fee. What happens is you book a room in
advance for a month. Then the host waits until 12 hours before the point of no
cancelation to say "its not available but there is another one for a lot less
cost that is a lot worse.". You say no before the cutoff window but then he
lowers the cost to bargain basement levels. You accept. And he accepts by
booking a different apartment under the haggling text message agreement.
Naturally you move to requisition the disagreement as he said he would. But he
stalls until the last minute and unsweetens the deal until you cancel. Boom.
He has your money and can point to the fine print and his strict cancellation
policy that the trouble he went through to clean the room and get it " fixed
up" justifies the $1800 charge for a room I didn't set foot in.

Moral if the story. If you don't get prompt reply and if any changes occur
after booking. Stay away from that host. They are fishing for free money
playing the rules of Airbnb.

Airbnb is supposedly going to get back to me about this disagreement, and
there is a ticket to deal with it. But its been 5 days after the event and I
pinged them twice with email. My other option may be to contest the charge on
my credit card. Scammers are everywhere that rules and large sums of money can
be found. And many of those scammers will be right there along side you
jockeying for victimhood status.

~~~
Cieplak
Just call your bank and you'll get your money back immediately. The chargeback
process is hugely biased in favor of the cardholder. You can even win the
chargeback if you had stayed in the place and it was not as advertised. If you
start filing a lot of chargebacks, though, you'll likely be flagged by the
card network.

------
kilburn
@everyone: Renting your place through airbnb is most probably illegal in
Barcelona. Please double or triple-check any offers you get because you must
be registered (and pay) if you want to rent your place to tourists [1] here.

@poster: Contact me (mynickname at la3 dot org) if you are running short on
money because of the scam and need a place to stay for a few days. This is a
couchsurfing style offer, not airbnb style.

[1] [http://www.theguardian.com/technology/2014/jul/07/airbnb-
fin...](http://www.theguardian.com/technology/2014/jul/07/airbnb-fined-
illegal-tourist-lets-barcelona-catalonia)

~~~
JohnTHaller
Most of airbnb's listings in many of their most popular cities are done
illegally. It's kind of the m.o. of airbnb. Take a look at Manhattan and do a
search for 'whole apt'. Every single one of those is illegal unless the owner
has a bed and breakfast license (the one or two that do will mention the fact
that they do). When you run the numbers by searching the 'own room' and
'shared room', you realize that over 50% of airbnb's Manhattan listings are
illegal. So, why would you trust a company that runs a mostly-illegal
apartment rental service?

~~~
sillysaurus3
_why would you trust a company that runs a mostly-illegal apartment rental
service?_

Because the law hasn't caught up to reality yet.

Airbnb has made a significant positive difference in my own life. I would've
been in a bad spot if not for the places I found via Airbnb. No idea whether
the transactions were legal, but in the end I found a place to live and the
host found a tenant. Win-win.

The problem is when people rent these places and then throw loud parties. The
neighbors' rights are violated in that case. I don't know of a good solution,
but I don't think it's worth sacrificing the entire platform due to that
problem.

EDIT: It seems like if people here were given the option of either casting me
out into the street or letting me rent an Airbnb apartment, some would
honestly and truly choose the former.

In the part of America I was in, you can't get an apartment without proof of
employment, unless you have more than $15k in the bank. (Something like a year
or two worth of rent. I forget the exact amount.) I was between jobs at the
time, and needed a place to stay to get another job. So, which illegal act
would you have me do: Get a friend to say they were "employing" me as a
consultant, or rent an apartment via Airbnb? Why would you be okay with the
former, but not the latter? And if you're okay with neither, then what would
you have me do?

~~~
wdewind
> The problem is when people rent these places and then throw loud parties.
> The neighbors' rights are violated in that case. I don't know of a good
> solution, but I don't think it's worth sacrificing the entire platform due
> to that problem.

The thing that frustrates me is that there are pretty obvious solutions,
actually:

1) AirBnB needs to provide a service where anyone can check to see if a
building has any AirBnB units in it. Then they need to be able to file
complaints about the unit.

2) AirBnB needs to require written permission from the landlord of the
property.

1) seems completely feasible to implement for me, and I'm pissed they haven't
yet. The only problem is once they have the complaint, they'd pretty much be
required to notify the landlord which leads us to 2) which also seems
feasible, but would obviously obliterate their market. Ultimately they've
overextended themselves on that front, and either they will be successful
lobbying change, or a company that figures out how to do what they are doing
while making peace with landlords and the hotel lobby will come along.

~~~
Kalium
1) strikes me as a ready-made weapon for hotels to harass AirBnBers.

~~~
wdewind
Why would anyone want to harass AirBnBers?

------
jalapl
Just to clarify, the naked e-airbnb request indeed redirects to airbnb
website. The generated by the cheater URL was the only one working fine.

It had the same layout as the whole airbnb website and every url available on
that website was also redirecting to real airbnb website .... except the one
with payment and booking details ...

------
squids
We just had a run in with a scam for a place in Majorca on Airbnb. The place
looked amazing and was reasonably priced for what it was so I reverse image
searched the pictures and it turns out they had lifted them from a resort in
the Carribean. The google maps view of the place lined up nicely with the
other property so they'd obviously put some time into choosing the right fake.
Luckily we cancelled our booking within 15 mins. To their credit airbnb have
taken it down pretty quickly.

~~~
spacefight
For reverse image search, I often use tineye.com What else is there and what
did you use?

~~~
ErikHuisman
chrome > right click on image > search with google images

~~~
alxndr
Whoa, how long has that been there?

------
ufmace
Wait, I've stayed in several AirBnB places, and you always pay with credit
card through the website, where they act as an escrow agent. Wouldn't a
request to pay through any off-site means be a massive red flag?

~~~
addandsubtract
Yes. Sounds like OP's girlfriend wanted to circumvent Airbnb's escrow service
to (presumably) drop the associated fees.

~~~
csbrooks
Or maybe she hadn't used Airbnb before, and was just following the
instructions that got emailed to her.

------
xyclos
be sure to report this to moneygram[1]

[1][https://www.moneygram.com/wps/portal/moneygramonline/home/Cu...](https://www.moneygram.com/wps/portal/moneygramonline/home/CustomerService/ContactUs/!ut/p/c5/lZDfToMwHIWfZQ9g-itl0F3CygpMBkMnf24M27CplFbFmI2nH7vVTOM5l1
--5OSgGk3VzZcUzac0ulGoRLXzHC4YhHYKixQnABGdxxvHxRgCa-
LVbe7Y_7L5E2cTp4T464AAhT_sGNVCmf20smCH7sSMJ1jA8mH0QYV7K04jLoP4wXhBEqq7XrvnzO_gsCWVMKzXj3L-UY7ZVrkKIq5xIVv7_pXDsF5aVanxsT5Ti9fjCWeDXA3vR7pjy0zljnhxE0NWqLi-9fv-K4cb8eCb__O9TWj6Fr31u3Jsu5x6s9kFW9q_KQ!!/dl3/d3/L2dJQSEvUUt3QS9ZQnZ3LzZfSDlEMEg0TzA5TzFNMDBJODVKTjY3MTEwVTE!/)

------
matthewmacleod
That sucks, but:

\- It's not really Airbnb's fault - not much you can do about this aside from
apologise and remove the listing (which I assume they did, or will at least
investigate)

\- You will get scammed if you use MoneyGram. It's the equivalent of sending
an envelope full of banknotes. Don't do it!

------
jcr
One thing to keep in mind is the host/owner may have been entirely fake from
the start, or they may be just another victim that got their account hijacked
and then used to scam you. In other words, the host might be real and properly
verified, but the scammer took their account.

You might want to make sure that your girlfirend changes the password on her
own account, just in case she did a sign-in on the fake site.

Sorry to hear about your loss.

------
padobson
I've had similar phishing attempts on my Airbnb account. The service seems to
be a target for it. A few tips:

Always check the URL before you log-in to any site. Don't ever send money
through unverified means (mail, western union, etc) for any transaction over
the Internet. If you use Gmail, report phishing emails to them. Report
phishing attempts to Airbnb.

------
raverbashing
The payment is done through the Airbnb site, not moneygramm

Seems like a scam that's avoidable

EDIT: Yes, I believe some people still get caught by it, looking at the AirBnb
site they should make this information more prominent

This is very hidden:
[https://www.airbnb.ca/help/article/51](https://www.airbnb.ca/help/article/51)

------
purge
One of my friends was caught out by a similar scam last year. There is plenty
of prior art for airbnb to look at when developing a safe platform for people
to communicate through. At the very least they should disallow exchange of
e-mail / non-airbnb websites via the platform communication channels.

~~~
buro9
> At the very least they should disallow exchange of e-mail / non-airbnb
> websites via the platform communication channels.

They do this, and it's a pain in the arse for regular users.

I've only just got back from a 2 week stay in Italy, and unfortunately one of
the glasses broke in the dishwasher. I found the replacement online and after
apologising to the host offered to replace the glass with an identical at my
inconvenience.

Damned if we could have that conversation about the replacement on AirBNB
though. We were both unable to share links to shops from which the glasses are
available. Eventually having to agree to take the conversation off of AirBNB
so we could resolve it.

It's unsatisfactory though as this is the very type of conversation that both
the host and myself _want_ recorded through AirBNB so that if anything did go
awry AirBNB would have an evidence trail.

Far better would be to do a URL forwarder in the style of Twitter's t.co and
to monitor all outbound URLs and allow AirBNB to block domains and phishing
sites centrally from each and every message sent (into the future too), whilst
allowing all legitimate conversation and link sharing to occur.

This would even allow AirBNB to inform customers who visit URLs that are
suspected of phishing, and detect accounts sharing such links much sooner.

~~~
YokoZar
The block on URLs is actually there to prevent prospective guests and hosts
from just arranging an informal booking off site and cutting AirBNB out of the
picture. It's the same reason you can't send phone numbers or email addresses
in chat messages until after they pay.

~~~
buro9
OK.

So _after_ we pay... it would be good if we could actually converse fully and
share links.

The host also said that she had sent me a link to a web page with house rules
that describes where recycling and garbage goes, etc. I never received this,
and I presume she had just put the link in a message, hit send, and AirBNB
removed the link and nothing else happened.

Once we pay, the conversation should be unrestricted.

------
NickWarner775
@Poster and @Everyone: I just returned on July 1st from traveling through 8
different countries over a month's span, and AirBnB'd the whole trip. A fellow
traveler also experienced the same tragic incident in Berlin. He came to the
conclusion that he was logged in to the website via safari on an insecure
network and was redirected to the fake site. Its a serious bummer but there
was nothing he could do. The best and most secure way to use AirBnB is through
their mobile app, not by login into their "site" on an insecure WiFi NetWork.
Search through hosts and seriously read their reviews. I contacted everyone
before hand and would not book unless I received a response.

@everyone: I returned from Barcelona three weeks ago. I rented a very nice
apartment in the heart of the Gothic Quarter using AirBnB. As far as AirBnB
being illegal, I don't think that is correct. I have many friends who have
studied abroad and when they would leave Spain to go travel they would throw
their apartment on AirBnB to make a couple bucks. Like with traveling
anywhere, just be careful.

~~~
toomuchtodo
Does the AirBnB mobile app do certificate pinning? Will it error out on an SSL
MITM attack?

~~~
esrauch
The odds that some random WiFi was doing SSL MITM attacks to facilitate the
type of scam mentioned in the original thread is near zero.

It is much much more likely it was another case of nearly identical domain
name that the scammer owned and the person never noticed.

------
cgtyoder
Interesting - e-airbnb.com now redirects to airbnb.com. whois records still
list Australian ownership/Russian name servers though.

~~~
meritt
Naked requests do redirect but clicked links from their phishing emails
probably stay on the phishing site.

~~~
tormeh
That's pretty clever.

------
amirmc
This kind of thing isn't unique to Airbnb. I believe any online marketplace
(eg eBay etc), has similar problems.

My usual approach is to keep as much communication on the platform as
possible, including the payment process. Anyone who tries to communicate off
the platform (eg send money via another method) immediately warrants more
scrutiny.

In this case, there are probably things Airbnb can do to help users and reduce
the likelihood - for example I don't see the host's email address until I've
paid (via the site).

~~~
jamandeggs
Keeping the communication on AirBNB doesn't really help. I've had hosts who
admitted that they listed a fake address with fake names via AirBNB's
messages, but AirBNB doesn't care.

~~~
kkhire
I'm sure they care and do their best to rid these posts, but every single
marketplace has this issue -- airbnb is just the hotspot now because they can
get big bucks relative to ebay

------
hammock
Payment via Moneygram is the biggest red flag here. If you've ever used
craigslist you know they warn you, and there are tons of scams that use
Western Union/Moneygram.

If you pay with a credit card through airbnb, you have several layers of
protection: you could appeal to airbnb, and you could also dispute/issue a
chargeback through your credit card company.

------
pbreit
More importantly, never use MoneyGram (or Western Union or cash) for non-face-
to-face transactions.

------
tudorw
Perhaps Gmail et al could have something a bit more pro-active to detect this
kind of bait and switch, so if an address has been used a number of times,
then a small variation on that address is seen, then steps are taken to warn
the user.

~~~
hnha
I would prefer mail providers not snooping into my mail, thank you very much.

~~~
iancarroll
There's already sophisticated software running that scans your email for spam,
I imagine this would be another (complex) rule.

------
th0br0
Uh, doesn't AirBnB enforce payment via Credit Card or PayPal?

Sorry to hear your storry though.

~~~
patio11
Yep, but since the user was in the hands of the enemy and was unaware of that
policy, they assumed that Moneygram was a blessed option since the website
said it was.

This is a pretty sophisticated fraud attempt. Everything is totally legit
until the last possible moment and human nature makes the last bit much less
suspicious than it would otherwise be. ("Apropos of nothing, would you wire
$4k to an anonymous stranger in a foreign country?")

Many, many, many users will fall for it.

------
wehadfun
Host usually do not get a person's email address until after they pay on
airbnb.com. How did this scammer get the email prior?

------
markcrazyhorse
Thanks for the heads up. I was actually considering using this service in a
month or two when I wanted to go travelling

~~~
nlh
It's still a great service, and you should still consider it. Just make sure
to read up on how it works and always pay through AirBNB directly, not an
outside site.

~~~
anish_m
If you pay through Airbnb, I think they are responsible for any such frauds.

------
etattva
I have seen earlier where the pictures did not match the actual site.
Otherwise used for NYC and works well

------
bert2002
I always check the comments of previous guests and so far every thing was
good.

------
Alex-Galapagos
sorry to hear about it.. Thank you for letting us know

------
hezone
Curiosity killed the cat, I just tried "www.e-airbnb.com" and surprisingly it
redirects to "www.airbnb.com"

Seems it is not a fraud website, why?

~~~
matthewmacleod
This is frequently implemented to add legitimacy to a domain – you can clearly
see how it has been effective on you, and I assume you've got some technical
competence!

------
uladzislau
So what happened with using some common sense and due diligence? If you're not
an adventure seeker choose the host with lots of reviews. If the rate for the
property compared with other listings is too good to be true then it's a scam.

