Cyber criminals are targeting Airbnb and Booking.com customers with new tools

Published on
by klaava
booking.com travel safely web page screen shot
Screen capture of Booking.com security advice page. The company acknowledges scams but has done little to protect customers.

If you like to book your travel accommodation on Airbnb or Booking.com, you probably are aware that cyber scammers have had schemes to rip off even internet savvy customers on these platforms. Now, digital security enterprise Eset has discovered a set of new tools that have been made widely available for online scammers. The toolkit has specifically been designed to scam travelers who use Airbnb and Booking.com services.

How does the scheme work? Eset Research describes the toolkit that is marketed as Telekopye as follows.

  • Cyber criminals who have acquired the toolkit get access to Airbnb and Booking.com accounts that have been hacked earlier.
  • Using this real data as the way to convince the targets, scammers send messages to travelers who have recently paid or haven’t yet paid their reservation.
  • The message claims there is a problem with the reservation that can be settled by instant payment. The victim is asked to follow a link included in the message.
  • The link takes the victim to a page that looks exactly like an Airbnb or Booking.com page. The victim pays to solve the problem, and scammers receive the money on their bank account.

Although the scam started with the real data – traveler’s own reservation data – it ended on a payment page that was carefully prepared by the criminals to look like a legitimate travel reservation page. The link of the page is the only visible sign that tells it is not an Airbnb or Booking.com page.

We reported about the same scam more than a year ago when security experts reported that both Airbnb and Booking.com host and guest accounts were hacked in a large scale. Apparently, the online travel services have done very little to improve their system security. The same scheme has become so common that toolkits can be purchased by anyone who has a desire to become a cyber criminal to rip off travelers.

What can a traveler do to avoid the continuing security problems in reservation services? The fastest and also an almost fool-proof way to ensure you are not scammed is to stop using Airbnb and Booking.com. If you don’t want to do that, you have to be extra careful every time you get a message or phone call from your travel reservation service. If you are asked to follow a link, you have to learn how to verify the link is from the service you use, and doesn’t take you another web site.