
Ask HN: Tracking down fake Airbnb owner - asdojasdosadsa
Case:
A not-so-technical colleague got scammed for 2 months' rent. What can he do?

Steps:

1. He found an apartment listing on immobiliare.it

2. Some emails were exchanged

3. He receives the link to the _real_ Airbnb listing

4. He can't find it there, and the scammer sends the phishing page[1] (from @expertdesigner.eu)

5. Soon after, he receives another email from @airbnb.sa.com saying that the database is down and he should meanwhile move the money using transferwise.com

6. Payment done

7. Scammer replies: Payment received

The login page was quite well made, and I think most non-technical people might get fooled.

[1] The URL: https://airbnb.com-itinerary.app/rooms/762837232/files/login.php?id=572465&locale=en&sale=203&

Thoughts?
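
Added example (not part of the original post): a minimal check showing why the hosts in steps 4 and 5 are not Airbnb, by comparing each host's registrable domain against an allow-list. The suffix set and the allow-list are constructed for this example, and treating `sa.com` as a public suffix is an assumption.

```python
from urllib.parse import urlsplit

# Constructed stand-in for the Public Suffix List (a real check loads the full
# list). Treating "sa.com" as a public suffix is an assumption of this example.
SUFFIXES = {"com", "app", "eu", "it", "sa.com"}
# Hypothetical allow-list: brand label -> registrable domains the brand uses.
BRANDS = {"airbnb": {"airbnb.com", "airbnb.it"},
          "transferwise": {"transferwise.com"}}


def host_of(value):
    """Return the lowercase host of a URL, an e-mail address or '@domain'."""
    value = value.strip().lower()
    if "://" in value:
        return urlsplit(value).hostname or ""
    return value.rsplit("@", 1)[-1].rstrip(".")


def registrable_domain(host):
    """Longest matching public suffix plus the one label to its left."""
    labels = host.split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])


def classify(value):
    """Return (verdict, brand, registrable domain) for a URL or sender."""
    host = host_of(value)
    reg = registrable_domain(host)
    for brand, legit in BRANDS.items():
        if reg in legit:
            return ("legitimate", brand, reg)
    for brand in BRANDS:
        # A brand name anywhere in the host, outside the brand's own
        # registrable domains, is the lookalike pattern from steps 4 and 5.
        if any(brand in label for label in host.split(".")):
            return ("lookalike", brand, reg)
    return ("unrelated", None, reg)


if __name__ == "__main__":
    for sample in ("https://airbnb.com-itinerary.app/rooms/762837232/files/login.php",
                   "@airbnb.sa.com", "@expertdesigner.eu", "https://www.airbnb.com/"):
        print(sample, "->", classify(sample))
```

The phishing URL resolves to the registrable domain `com-itinerary.app`, where `airbnb` is only a subdomain label; the sender domain in step 5 is its own registration under `sa.com`.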
======
gus_massa
The title is slightly confusing. Note that it is a ((fake Airbnb) owner), not
a (fake (Airbnb owner)).

~~~
BoorishBears
Literally makes no difference. Both convey the same problem.

In fact, if anything, the story is about a (fake) Airbnb owner. The Airbnb was
real, the “owner” was fake.

Both are accurate unless you somehow imagined this would be a story about a
fake founder of Airbnb (in which case I’d say the confusion is more of a
personal problem).

------
nwsm
I don't have any advice but I hope they are able to recover their money.
Shitty people like that are why some US states like Massachusetts now require
all renters to find apartments through a registered broker. Sounds nice and
safe but it ended up in me paying 4 months rent to get a new apartment. (2
months rent + security deposit + broker fee which was over a month's rent)

------
dfyr
There's more to it, more php machinery, but in short:

Basic Info

- username at home dir: comitin1
- LiteSpeed server
- SERVER_ADMIN=webmaster@airbnb.com-itinerary.app
- English not first language
- Sends over location, victim ip-port pair, protocol, client, TLS encryption suite

Client (Victim):

From main.html:

POST /transaction.php?id=1 --> transaction.html

POST /transaction-process.php --> attacker no longer cares...empty response
body

Admin

[https://airbnb.com-itinerary.app/rooms/762837232/files/management/](https://airbnb.com-itinerary.app/rooms/762837232/files/management/)

Login with POST /index.php with username and password

There is a whole interface for easy management of properties, with its own UI!
It does proper client and server-side validation of inputs, uses a set of
images of houses and hosters.

POST /process-data.php

POST /send-discount.php for a particular property id

POST /edit-discount-process.php

------
sonicxxg
Is "Not so technical" a euphemism for naive? This sucks, but also seems like a
low-effort scam.

~~~
asdojasdosadsa
Well, I have seen quite many phishing pages and scams, and this was not that
low-effort a scam - probably setting up all the domains and phishing pages etc.
has taken a bit of work and technical skills.

------
philpem
This is gonna sound a bit granny-suck-eggs... but I hope your friend reported
it to the police?

~~~
asdojasdosadsa
Yes, reported to:

- The police

- [https://reportphishing.net/airbnb/](https://reportphishing.net/airbnb/)

- Airbnb report on the listing page - but now to think about it, we can't be
sure the listing itself is connected to the scam. The host of the listing is a
superhost (whatever that means)

Also, the police said there's not much they can do.

~~~
gameofcode
Report to TransferWise as well, I've never used them but have heard their
support is decent - that's not to say they'll be able to help you but it's
worth doing for sure.

~~~
asdojasdosadsa
Thanks, I forwarded this

