As KrebsonSecurity warns through a relevant report, Airbnb scamming has gotten a lot more streamlined and automated this season, with administrative tools making the lives of scammers easier than ever. A characteristic example of this is a new software-as-a-service (SaaS) tool called “Land Lordz”, which aids scammers in the creation of fake Airbnb offerings and automates the propagation of their listings. “Land Lordz” works as a subscription service for scammers, with the basic package costing $550/month. This entry-level package is enough for most scammers to kick-start their Airbnb schemes, as it allows for the creation of 500 fake property listings, and management of 100 victim-guests.
In a typical example discovered by Hold Security LLC and presented by KrebsonSecurity, the scammer maintained about 50 fake properties around London, UK, which were priced in a way to make them lucrative in a location where people have difficulty finding a property to rent. Once the potential victim reaches out to the scammer to ask for more details about the listing, a redirection occurs taking them to a phishing site that looks a lot like the real Airbnb.com, but it isn’t. In the example, the fake page URL was “airbnb.longterm-airbnb.co.uk” which now seems to be down.
By making it believable enough, victims are tricked into logging in to the phishing site or even creating a new account. In this case, the fake site forwards the requests to the real Airbnb.com platform, while recording everything and keeping it stored on malicious servers of course. To make it all work without suspicion, the Land Lordz allows scammers to add positive comments from supposed past tenants, while the images for the fraudulent listings are simply copied from real listings. All of the fake listings in the examined scammer’s account are rented on a monthly basis, so the amount that is deposited by the victim is worth the effort.
There’s one thing that people can do to avoid getting scammed, and this is to pay attention to the domain they are landing on after clicking a link. Don’t get impulsive when finding yourself in a “good deal that about to expire” situation, and remember, it’s better to lose a good deal that losing your money to scammers. As for Airbnb, finally adding a mandatory two-factor authentication step would help their users differentiate the real platform from spoofed phishing sites. Right now, this only happens when trying to log in from a new device, which is clearly not enough to stop Airbnb scams.
Have you ever paid money to a scammer on Airbnb, Booking, OpenRent, or any other similar platform? Share your experience in the comments section below, and help others stay safe by sharing this post through our socials, on Facebook and Twitter.