With the EU’s General Data Protection Regulations (GDPR) going into effect in just three weeks, many organizations are alerting customers to changes in their privacy policies and terms of service. Hackers are taking advantage of this opportunity to turn legitimate announcements into phishing campaigns.
Airbnb announced to its users that changes to their policies will go into effect on 25 May 2018. Scammers then mimicked that email distribution with a specious email asking customers to update their account information.
According to the security firm Redscan the hackers are attempting to spread malware and steal the personal data of Airbnb customers by fooling them into following malicious links in phishing emails and entering their personal information into a system that the hackers control.
In a prepared statement, Airbnb wrote, “These emails are a brazen attempt at using our trusted brand to try and steal users’ details, and have nothing to do with Airbnb.”
Those who have received what they think might be a fraudulent message are encouraged to report it to report.phishing@airbnb.com. Airbnb confirmed that before the phishing scam, no bad actors had gained access to Airbnb user details and that it works closely with external partners to help report fake websites.