Stay informed about cyber awareness training topics and mitigate risk in your organisation.

Scam of the Week – Airbnb Customers hit with GDPR Phishing Scam

Hackers have been exploiting the imminent GDPR deadline to target Airbnb users with a phishing scam aimed at spreading malware and stealing personal data.

With the impending GDPR deadline just weeks away, businesses across the globe have been rushing to ensure that they have clear consent from customers to store and process their personal data.

Not one to miss a trick, the opportunistic cybercriminals have taken full advantage of the mass of GDPR emails that are flooding into people’s inboxes to trick users into handing over personal information and credit card details.

Researchers at Redscan uncovered the GDPR phishing scam which is predominantly targeting business email addresses. The email appears to come from Airbnb’s customer support department and requests that recipients update their personal information to be able to continue using Airbnb’s services.

Those who click on the link are asked to enter their personal information, including account details and payment card information. Once clicked, the hackers will then use this information to deliver malware, commit identity fraud or may sell the details on the dark web.

Scam of the Week – Airbnb Customers hit with GDPR Phishing Scam

Real and Fake Airbnb Emails (Source: Hubspot / Redscan)

Airbnb has been sending out legitimate emails to customers informing them of the changes to policies that will come into effect on the 25 May, however, these emails are much more detailed and do not ask users to enter any personal information but simply to agree to the new terms of service.

Customers have been advised to check the sender’s email address for the very small changes that may indicate fraud. Despite the Airbnb emails appearing legitimate, the domain name is different. The fake messages come from ‘’ as opposed to ‘’.

Airbnb has responded to the scam by saying: “These emails are a brazen attempt at using our trusted brand to try and steal user’s details and have nothing to do with Airbnb. We’d encourage anyone who has received a suspicious-looking email to report it to our Trust and Safety team on, who will fully investigate.”

Despite the increasing sophistication of phishing emails, there are a number of signs to look out for that might indicate a fraudulent message. These include a generic greeting, threatening language, spelling mistakes, poor grammar, a mismatched URL or a request to enter or update personal data.

If you are looking to start a phishing awareness campaign or would like more information on how to protect yourself online, click here to find out how MetaCompliance can help. Our MetaPhish Platform has been specifically designed to protect businesses from phishing and ransomware attacks and provides the first line of defence in combatting cyber-crime. 

about the author

sharing is caring

Share on linkedin
Share on twitter
Share on facebook

you might enjoy reading these

UK GDPR Series Available Now

Privacy is an ongoing concern for every organisation, however, the notion of consent isn’t without its complications. To help organisations navigate data protection protocols, we
Read More »

Seasonal Phishing Templates

Phishing is a year-round activity for cybercriminals, and just like retailers, they use seasonal events as an opportunity to cash in. Seasonal occasions, including St
Read More »

Request Demo

The personal information that you provide to us in this form will only ever be used by MetaCompliance (as the Data Controller) for the following specifically defined purposes:

  • email you content that you have requested from us
  • with your consent, occasionally email you with targeted information regarding our service offerings
  • continually honour any opt-out request you submit in the future
  • comply with any of our legal and/or regulatory obligations