Spam email or Ligitimate Airbnb warning? Help please.

OTA = Online Travel Agency, which means those sites that sell the booking and take the payment for you.
User avatar
cleanforum
Posts: 392
Joined: Wed Jun 04, 2008 9:55 am

Spam email or Ligitimate Airbnb warning? Help please.

Post by cleanforum »

I received the following email this morning.....

Hi my name,
Your account (myname @gmail.com) is under review
We placed your account on review after trying to call your Airbnb registered phone number without success.

In order to log back in, you’ll need to complete an account review. We’ll help secure your account first.
Review your account
Thank you,
Airbnb Support Team

The link that is "review your account" looks like a third party so I am suspicious...

My account is aparently not blocked....
:

:?
e-richard
Posts: 5008
Joined: Sun Oct 17, 2004 11:33 am
Location: Algarve, Portugal
Contact:

Post by e-richard »

The first clue is to look carefully at the email address. Does it look odd?

The second clue is to look carefully at any link in the email (hover your mouse over it and look in somewhere at the foot of the page)

The third clue is to login independently to airbnb and see if there are any such notices in your dashboard.

Mu guess is that this email will fail all the above tests and is most likely to be a scam.
** Richard
PIMS: Holiday Rental Management system
They say we learn from our mistakes. That makes me a genius !
User avatar
cleanforum
Posts: 392
Joined: Wed Jun 04, 2008 9:55 am

Post by cleanforum »

Thanks erichard, the issuing email was airbnb.com.airbnb and the link was a third party. There are no messages in my airbnb account so I guess it must be spam. The email caught me on my mobile on the move so I nearly fell for it.

So take this as a heads-up for any other ABB users.

It did however look very convincing and as I have just taken an ABB booking it came among various other normal ABB emails/conversations etc generated by a booking...

Thanks again.
Vince
Posts: 112
Joined: Tue Jul 01, 2014 10:11 am
Location: Javea, Spain

Post by Vince »

Use a password manager like Lastpass. If you click on a link in an email (and we all do it, even when we shouldn't) and you're taken to a domain to login, even if it looks right if it's not the right domain then LP will not prefill the login fields with your data. That, right there, is your first warning.

I don't have the details off the top of my head but somebody posted a picture of a domain a few months back with a very sneaky phishing attempt and I think most of us would have fallen foul of it. The real domain was something like www.domain.com/login and the phishing attempt looked exactly like that, except that one of the characters in the domain was using a character from a different language set so that the only way to tell the two appart was that one of the characters had a tiny dot underneath it. You and I would never have seen that, but a password manager like Lastpass would have and it would have set your spidey senses tingling.
KAB-Dennis
Posts: 613
Joined: Fri Jul 23, 2010 10:55 pm
Location: Beaches of the East Coast
Contact:

Post by KAB-Dennis »

Thanks Vince I think I will look into LastPass but can I ask a question. What risk do I have by allowing a service like LP access to all of my passwords. Of course I would never surrender a bank or credit card but just wondering
Kathleen

PS pretty sneaky of them to use a second alphabet to confuse us
Kate
USA
Vince
Posts: 112
Joined: Tue Jul 01, 2014 10:11 am
Location: Javea, Spain

Post by Vince »

I've been using LP for..I don't know, a dozen years? It's saved my bacon plenty of times.

I have CC numbers saved, various account stuff saved such as security question answer. things like that. I have it on the PC, laptop and various mobile devices (for the mobile devices I set it not the automatically login, I have to manually type the password into the laptop which is good because it ensures I can't forget it. For the phone it's fingerprint or password). Having instant access to all your passwords is super useful.

I use a passphrase that nobody else will know and is many characters long. It's easy to remember and unique to LP.
COYS
Posts: 795
Joined: Sat Jun 06, 2015 1:24 pm
Location: Greek Islands

Post by COYS »

100% scam.
How do I know?
I got the same email word for word & I have never, ever had an ABB listing, or account of any description. Looks disturbingly realistic though - keep 'em peeled.
Doubt if it's rogue proof but I've always used KeyChain to generate passwords so I've no idea what most are anyway. If dubious & KC doesn't offer it's login option = spam report + bin.
This time next year Rodney, we'll be millionaires.
Post Reply