GDPR Phishing Scam Targets Airbnb Clients

May 18, 2018

 

A GDPR-themed phishing scam has been found targeting Airbnb users. The scam emails ask users of the home-sharing website to re-enter their contact information and credit card details in order to comply with the EU's GDPR, which comes into effect on May 25, 2018.

The scammers are taking advantage of the high volume of emails currently being sent by businesses as part of their GDPR compliance efforts. Consumers have been receiving emails from a wide variety of businesses asking them to update their information, re-confirm that they still want to remain on mailing lists, and review new GDPR-compliant privacy policies before the compliance deadline.

Over the past few weeks, several businesses have been sending these emails, so customers are now used to receiving the messages and replying. This familiarity with the emails might lead some customers to click without thinking and reveal their confidential information.

As with other phishing campaigns, there is a sense of urgency. When the compliance deadline is reached, businesses will be required to erase all customer data if a valid GDPR-compliant opt-in has not been obtained and new privacy policies have not been accepted. The Airbnb phishing email states that failure to reply will stop users from accepting any more bookings.

The request is plausible, the emails have been sent from the domain @mail.airbnb.work, the logos and branding used in the email look genuine, and the link directs Airbnb users to a webpage that looks like the genuine site, apart from the domain name.
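The sender domain and the link domain are the two tells described above, and both can be checked mechanically. The following is an added example, not code from the article or from Airbnb: it assumes `airbnb.com` is the only trusted domain, and the sample messages, the `airbnb-gdpr.example` link host and the `noreply` addresses are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

BRAND = "airbnb"
TRUSTED = {"airbnb.com"}  # assumption: the brand's only legitimate domain

def is_trusted(host):
    """True only for a trusted domain or one of its subdomains."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def check_message(raw):
    """Return (kind, host) findings for a message that claims the brand."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2].lower()
    if BRAND not in (name + " " + sender_host).lower():
        return []  # message does not claim to come from the brand
    findings = []
    if not is_trusted(sender_host):
        findings.append(("sender", sender_host))
    # Every link in a brand-claiming message must stay on a trusted domain.
    for url in re.findall(r"https?://[^\s\"'<>]+", msg.get_payload()):
        host = (urlsplit(url).hostname or "").lower()
        if not is_trusted(host) and ("link", host) not in findings:
            findings.append(("link", host))
    return findings

# Constructed samples: only the sender domain mail.airbnb.work is from the article.
SAMPLE_PHISH = (
    "From: Airbnb <noreply@mail.airbnb.work>\n"
    "Subject: Update your details for GDPR\n"
    "Content-Type: text/html\n"
    "\n"
    '<a href="https://airbnb-gdpr.example/update">Update now</a>\n'
)
SAMPLE_GENUINE = (
    "From: Airbnb <noreply@airbnb.com>\n"
    "Subject: Our updated privacy policy\n"
    "Content-Type: text/html\n"
    "\n"
    '<a href="https://www.airbnb.com/terms">Review the policy</a>\n'
)

if __name__ == "__main__":
    for label, raw in (("phish", SAMPLE_PHISH), ("genuine", SAMPLE_GENUINE)):
        print(label, check_message(raw))
```

The suffix match in `is_trusted` is what separates `mail.airbnb.work` from a real subdomain such as `mail.airbnb.com`; a plain substring search for the brand name would accept both.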

Airbnb is already sending emails to its users asking them to accept its new GDPR-compliant privacy policy, but the genuine emails do not ask users to re-enter their information. Users are only required to accept the company's new privacy policy and agree to its terms of service.

This GDPR phishing scam is one of several that have been found over the past few weeks, and it is not likely to be the last. The high number of GDPR-related emails being sent gives cybercriminals an ideal opportunity to obtain confidential information.