GDPR phishing scam targets Airbnb customers

Criminal hackers are taking advantage of the imminent General Data Protection Regulation (GDPR) with a phishing campaign targeting Airbnb customers.

The GDPR comes into effect on 25 May 2018, and many organisations are updating their privacy policies and emailing customers to ensure they are aware of the changes. The phishing scam seeks to exploit this.

The phishing email, which claims to be from Airbnb customer support, advises users that they must accept a new privacy policy based on the GDPR before they can make any further bookings: “This update is mandatory because of the new changes in the EU Digital privacy legislation that acts upon United States-based companies, like Airbnb in order to protect European citizens and companies.”

Paul Edon, director at Tripwire, said “Hackers are getting better at creating ways to trick users, and this attack on Airbnb customers is evidence of that.”

Tim Helming, director of product management at DomainTools, said:

As consumers receive more and more legitimate emails from brands engaging with best practices in advance of GDPR, it only follows as logical (and somewhat ironic) that scammers would take advantage of this. Phishers thrive on a lack of caution from their targets, so masking a scam as part of a legitimate flurry of emails comes as no surprise.

 [U]sers who receive a GDPR email should be aware that personal details or credit card information should not be handed over, in any scenario, as part of an organisation moving towards a GDPR compliant policy.

How can I detect a phishing email?

There are a number of ways to spot a phishing email. They are often sent from an unfamiliar email address, badly written and contain links or attachments that you are urged to open.

If you have any doubts about the legitimacy of an email, do not click any of the links provided. Hovering your mouse over the link or address will reveal the linked site’s true URL. These URLs can be slightly misspelled or completely different to what you are expecting, so always double check before you click.

If you are still unsure, contact the company or individual using the details you already have for them and log in to any accounts from a separate browser. Never use the contact details provided in the email. Phishing attacks are becoming increasingly sophisticated, and the lack of basic knowledge about them only increases their success. It is therefore vital that people know how to identify and respond to a phishing attack.

Find out more about phishing with our free infographic >>