Cybersecurity researchers at SlashNext have uncovered a worrying trend of attacks targeting unsuspecting users with Airbnb accounts. This trend, while not entirely new, includes a wide range of malicious techniques that pose a significant threat.
Main findings
- Cybercriminals use a variety of methods to gain unauthorized access to Airbnb accounts, including theft, cookie theft, and account checkers.
- Once cybercriminals gain access to an Airbnb account, they can use it to book accommodations, make fraudulent purchases, and even steal victims’ personal information.
- The scale of the problem is large: thousands of Airbnb accounts can be purchased on digital stores for as little as $1.
- To protect yourself from this type of scam, it’s important to take steps to protect your Airbnb account, such as using a strong password and enabling two-factor authentication.
- You can also help protect yourself from Airbnb scams by only booking with hosts with good reputations and positive reviews, being wary of offers that sound too good to be true, and never giving out personal information to people you don’t know. And trust.
Cybercriminals are always finding new ways to exploit popular online platforms, and Airbnb is no exception. In a recent study by cybersecurity firm SlashNext, researchers found that cybercriminals use a variety of methods to gain unauthorized access. Airbnb Accounts (Thieves, Stolen Cookies, Account Checkers, etc.).
Once cybercriminals gain access to an Airbnb account, they can use it to book accommodations, make fraudulent purchases, and even steal victims’ personal information. In some cases, cybercriminals may even use her stolen Airbnb account to commit identity theft.
The scale of the problem is significant. In a study by SlashNext, researchers found that thousands of Airbnb accounts can be purchased from digital stores for as little as $1. This suggests that cybercriminals regularly steal his Airbnb account information and sell it on the black market.
Recent blog post The report, released by cybersecurity firm SlashNext, sheds light on bold tactics used by cybercriminals to exploit Airbnb.
person who steals
Cybercriminals utilize a type of malicious software (malware or Trojan horses) aptly named “stealers” to extract sensitive information such as usernames, passwords, and other sensitive logs. . From the target device. Once these logs are collected, they are typically routed to criminal-controlled servers.
The deployment of thieves is based on human psychological manipulation (social engineering) Exploiting software vulnerabilities and using deceptive advertising (malvertising).
Behind the digital surface, a secret marketplace exists where cybercriminals can buy and sell unauthorized access to devices in bulk, known as “bots,” “installs,” or “infections.”
For those willing to invest, cybercriminals can quickly acquire a repository of devices full of thieves, if not tens of thousands.
Targeting account information in web applications across most browsers, thieves neatly package their loot within a structured format. This format consists of columns and rows that encapsulate many data fragments, such as names and credit card details. Besides collecting login credentials, thieves can also hijack her cookies.
Cookies: Gateway to unauthorized access
cookie, the unobtrusive data packets that store users’ online preferences and activities, have unwittingly become pawns for cybercriminals. These scammers are thriving by stealing, trading, and purchasing his cookies for his Airbnb account on various illegal forums. Cybercriminals use these ill-gotten tokens to temporarily compromise Airbnb accounts without requiring a legitimate username or password.
Imagine a scenario where a cybercriminal buys a bunch of stolen Airbnb cookies, loads them into a browser, and sneaks them into a victim’s account undetected. Using this unauthorized access, they can impersonate legitimate users and book accommodations or organize other fraudulent transactions without raising any alarms. It is essential to note that these session cookies have a short shelf life, so cybercriminals need to act quickly.
Monetize stolen data
Once user accounts are compromised and cookies are stolen, cybercriminals turn to monetization. Common techniques include selling stolen account data and her cookies directly to other criminals.This trade can be found in online forums, dark web markets, and even telegram channel.
According to SlashNext, there are thousands of Airbnb accounts for sale on dark web and underground platforms, and the shocking devaluation has reduced the value of each account to just $1.
The scale of Airbnb account thefts has led to the emergence of automated tools called “account checkers” that systematically scrutinize Airbnb credentials stored in text files.
Working with the Airbnb Cookie Checker
The account checker’s technique is simple. When an attacker inputs a text file filled with stolen credentials, the checker identifies which are valid and which are invalid. Some advanced versions of these tools perform specific actions such as fraudulent bookings.
Cybercriminals with a “passion” for innovation have launched a service offering up to 50% off Airbnb bookings. The amount of interest in these services is clear, with forum threads amassing tens of thousands of views and hundreds of replies.
The disturbing reality is that cybercriminals are masterminding a variety of methods to exploit Airbnb’s popularity, using stolen and misappropriated cookies to compromise user accounts.
The stolen information is then sold to other criminals or used to offer discounted services on the Internet. black market. Rampant account theft highlights the urgent need for vigilance and proactive measures to combat these insidious cyber threats.
protection
Hackread.com has compiled a list of steps to help Airbnb users (or unsuspecting users online) protect themselves from a growing trend of attacks.
- Enable two-factor authentication.
- Use strong passwords and change them regularly.
- Be careful not to click on links in emails or messages from people you don’t know.
- If you believe your account has been compromised, please change your password immediately and contact Airbnb customer support.
In addition to the tips above, here are some things you can do to protect yourself from Airbnb scams.
- Be wary of offers that seem too good to be true.
- Only book hosts with good reputations and positive reviews.
- Never give out personal information, such as credit card numbers or passport numbers, to people you don’t know or trust.
- If you have any questions about your reservation, please contact Airbnb customer support.
However, the best defense against cybersecurity threats is to use common sense. Therefore, always use it.