Cyber crooks target Airbnb for fraudulent activities


With millions of listings in 100,000 cities, Airbnb has become a favorite target for cybercriminals looking to exploit popular online platforms for malicious purposes.

New research from SlashNext, a company specializing in cybersecurity, cyberattack detection, and IT solutions, says that Airbnb’s popularity has made it vulnerable to “cybercriminals, fraudulent hosts, fake accounts, and other scams.”

What exactly is going on? Well, according to SlashNext, cybercriminals usually employ malicious software known as “stealers” to obtain information such as usernames and passwords.

ADVERTISEMENT

These info-stealers – also used to vacuum up ChatGPT credentials – then infiltrate devices and transmit the logs to attackers. Typically, they’re sent to a server, but in some cases, they can be delivered through email or secure chat programs like Telegram, SlashNext says.

“The logs usually follow a particular format, which includes multiple columns with rows of data that encompass various pieces of information, such as names, credit or debit card details, and more. In addition to capturing login credentials, stealers can also exfiltrate cookies,” the report says.

Airbnb account cookies – small data files stored on a user’s device that contain information about their browsing activity and preferences – are what cybercriminals are often stealing, buying, and selling on various online forums.

This way, they can gain temporary access to accounts without access to username and passwords.

“For instance, cybercriminals can purchase databases of stolen Airbnb cookies from compromised accounts, load them into their browser, and gain access to victims’ accounts,” SlashNext said.

Crooks can then impersonate real users and book properties or perform other unauthorized actions without raising any alerts. However, it’s crucial to note that most session cookies expire quickly, so cybercriminals must act fast before the session expires.

Once access is gained, the next objective is to profit from the data. One standard method is to sell the account information directly to other cyber crooks through online forums or by uploading rows of data to popular stores that facilitate these types of transactions.

airbnb-screen-shot
Airbnb account information sold on a digital store. Courtesy of SlashNext.
ADVERTISEMENT

According to SlashNext, there are thousands of Airbnb accounts available for purchase on digital stores. In fact, the scale of Airbnb account theft is so significant that attackers sell “account checkers,” which are automated programs that rapidly test Airbnb accounts located in a text file.

“The scale of account theft is substantial, with thousands of Airbnb accounts available for purchase on digital stores for as low as one dollar. It is essential to be aware of the risks and take necessary precautions to protect personal information from such cyber threats,” SlashNext says.


ADVERTISEMENT

Leave a Reply

Your email address will not be published. Required fields are markedmarked