Text scam purportedly coming from Airbnb

Post scam emails to warn other rental owners, or if you are not sure if an enquiry is genuine, put it up here and see what others think.
User avatar
AngloDutch
Posts: 727
Joined: Fri Jul 11, 2014 10:25 pm
Location: Netherlands

Text scam purportedly coming from Airbnb

Post by AngloDutch »

We have just received a text message supposedly coming from ABB.

Number shows it is coming from Romania (+40 757257030)

and text shows
'Dear Airbnb user, please login to verify your account (URL removed) or else we suspend your account'
A couple of weeks ago our ABB account was hacked but we received an immediate genuine email warning from ABB that someone had accessed our account from a different IP address, and were therefore able to change the password straightaway. Have no idea if that is connected but looks like someone has harvested our mobile phone nummer as well.

We refuse to answer any text message or email directly and will always wait until we can log onto our dashboard in order to see if the same account notification or enquiry shows up there.

What with fake invoices via regular post, 'Locky' Ransomware emails, phishing attempts via email and text, Indian call centers trying to persuade you to part with your money for non-existance services and fly-by-night websites, we wonder what will be hitting us all next.....
ellerhow
Posts: 174
Joined: Tue Apr 08, 2014 6:40 am

Post by ellerhow »

We too received that text and I immediately contacted Airbnb to report it as a scam. I will follow it up as we haven't heard back from them.
User avatar
AngloDutch
Posts: 727
Joined: Fri Jul 11, 2014 10:25 pm
Location: Netherlands

Post by AngloDutch »

After receiving the above text message on Friday, our ABB account was hacked on Saturday morning. The second time in 2 weeks. This after changing our password when it first happened.

We have scanned our PC for keyboard loggers/viruses. There are none. We have never clicked on any link in an email coming from (or purportedly coming from) the ABB system, unless instigated our end (for example, instant password/email address change notification requiring confirmation).

So, how is it possible that obviously the same person (ABB email notification and account-logged sign in shows Windows Vista/IE user on both occasions) can access our account after a password change?

We have checked our phone numbers, including our bank account details and nothing has been changed by the hacker.

Now using a different email address on the account, plus a fresh password.
ellerhow
Posts: 174
Joined: Tue Apr 08, 2014 6:40 am

Post by ellerhow »

After reading your post AngloDutch and having had no response from Airbnb, I tweeted them to report the scam. They investigated and have reported it to Google and their Trust and Safety Team. I have been given the contact safety@airbnb.com to report any further issues, although Twitter does appear to get an immediate response. Neither I nor Airbnb think our account has been hacked- what are the signs Anglo Dutch ? (Sorry if that seems a daft question)
User avatar
kevsboredagain
Posts: 3207
Joined: Sat Jan 20, 2007 9:32 am
Location: France
Contact:

Post by kevsboredagain »

I can't offer anything in the way of explanations as there's no obvious weakness which has caused the problem.

If it were me I would:

- scan your PC using more than 1 tool as none are perfect. Perform a boot scan not just one in windows
- change your password again but use a different machine in a different location
- do the same for Facebook as this can be used as a login
- anything used for password recovery needs to be also considered. eg. could someone have access to you email account
- perhaps start using a VPN service until you get to the bottom of it
- ask to speak to a security person at AirBnb
User avatar
AngloDutch
Posts: 727
Joined: Fri Jul 11, 2014 10:25 pm
Location: Netherlands

Post by AngloDutch »

ellerhow wrote:After reading your post AngloDutch and having had no response from Airbnb, I tweeted them to report the scam. They investigated and have reported it to Google and their Trust and Safety Team. I have been given the contact safety@airbnb.com to report any further issues, although Twitter does appear to get an immediate response. Neither I nor Airbnb think our account has been hacked- what are the signs Anglo Dutch ? (Sorry if that seems a daft question)
ellerhow, I have contacted ABB via their web platform to ask what is going on and expect to hear back from them in a couple of days.

Going through our account settings just now I have noticed that our text message settings have been unticked (these are for host/guest messages and reservation confirmations/updates).

Do you have notifications set up? This is EXTREMELY important otherwise you won't ever be notified of a login from somewhere else. The notifications I am talking about are confusingly not shown under 'Notifications', but under 'Security'.

Go here:

From 'Account' (at top right) --> 'Security' --> you will see 'Login Notifications' --> click 'Turn on Login Notifications'

Also on this page you will see a report on trusted browsers and most importantly, at bottom, the login history.

We have this ticked and are notified about additions to trusted browsers, as well as all login history.

Signs of ABB hacking (apart from the notifications) -

If you see a suspicious login record then, if not already done, you need to sign them out immediately (clicking on 'Log Out' at the right hand side of the record entry).
Also check your entries for landline/mobile phone, email address (Go to 'Profile' at top right, which is next to 'Account') and of course very important, your payment preferences and any entered bank account information (From 'Account', go to 'Payment Preferences').
ellerhow
Posts: 174
Joined: Tue Apr 08, 2014 6:40 am

Post by ellerhow »

Thanks Kev and AngloDutch I will do these things now and report back. You are so much more helpful than Airbnb (who are just patronising).
ellerhow
Posts: 174
Joined: Tue Apr 08, 2014 6:40 am

Post by ellerhow »

Thank you both. I've done all you have suggested and there does not seem to be any hacking of our account.
User avatar
AngloDutch
Posts: 727
Joined: Fri Jul 11, 2014 10:25 pm
Location: Netherlands

Post by AngloDutch »

What did I just read?

Thank you for reaching Airbnb customer experience, I'm Sascha and I will be looking at your case today.
My advice in this situation is try to unable all the text from Airbnb for be sure that if you receive another text is not coming from us.
You can cancel text message notifications at any time by texting STOP to the Airbnb short code 247262. We'll send you a final text message to confirm that you are no longer subscribed, then you will no longer receive text messages from us. You'll also need to disable text message notifications in your Airbnb account.
You can then manage what notifications you receive or disable text message notifications altogether by going to your Dashboard > Account > Notifications.
If you keep receive weird link from that number please let me know and I will pass your case to a specific team for better assistance.
I hope I have been helpful, if not do not hesitate to contact us again.
Best regards
User avatar
AngloDutch
Posts: 727
Joined: Fri Jul 11, 2014 10:25 pm
Location: Netherlands

Post by AngloDutch »

kevsboredagain wrote:I can't offer anything in the way of explanations as there's no obvious weakness which has caused the problem.

If it were me I would:

- scan your PC using more than 1 tool as none are perfect. Perform a boot scan not just one in windows
- change your password again but use a different machine in a different location
- do the same for Facebook as this can be used as a login
- anything used for password recovery needs to be also considered. eg. could someone have access to you email account
- perhaps start using a VPN service until you get to the bottom of it
- ask to speak to a security person at AirBnb

Thanks, Kev for all the advice. I will definitely start with the last one. ABB level 1 support is plain 'kooky' and that's being kind..
User avatar
kevsboredagain
Posts: 3207
Joined: Sat Jan 20, 2007 9:32 am
Location: France
Contact:

Post by kevsboredagain »

AngloDutch wrote:What did I just read?

Thank you for reaching Airbnb customer experience,
I would still say it's way better than any support you get from a HA site.
Post Reply