Sophos News

How to sleep tight and not get scammed on Airbnb

On Saturday, we helped our Airbnb guests get their luggage downstairs, and then we hugged them goodbye.

The charming couple from Melbourne were off to New York and a town hall wedding that would be a surprise to their friends back home and a great story to tell their grandkids someday.

What an honor, we said, to be a small part of that story.

On Sunday, I got a polite letter from the Airbnb Trust and Safety Team, bringing to my attention an email I may have received from another Airbnb member.

Someone who had, perhaps, requested to communicate with me via private email or Facebook, or maybe sent a malicious message in which they might have asked me to verify my listing. Or then again, the letter said, perhaps my would-be correspondent had asked me to copy and paste a URL into a new browser window.

Whoever tried to con me hadn’t gotten through, to my knowledge (I get so much mail, it’s hard to keep track), and this was the first I’d heard of the attempt.

Airbnb asked that I halt my communication with the individual immediately and informed me that it had removed the account so that I would no longer have access to the message thread.

I didn’t think much of it after that, especially as I hadn’t actually seen the scammy message.

Would-be guests often try to get information from me – street address, phone number, email address, directions from my house to downtown, that sort of thing – all of which, I know, Airbnb’s filters will redact.

I’ve always assumed it was guests seeking to bargain with me off of the Airbnb site and thereby cut out the middleman, or newbies trying to get my phone number or email address, innocently ignorant of Airbnb’s policies.

Now, I’m no longer sure that every attempt was as innocent as all that.

Recent scams have forced me to look at how safe the service is and how best to keep from getting scammed (check the end of the article for tips), and I’m not altogether reassured by what I’ve found.

The most recent scam to make it into headlines: on Wednesday, The Guardian ran an article about travelers who booked a flat in Barcelona that they’d found listed on Airbnb.

The reviews all seemed positive, they said. After booking, they received a series of emails, purportedly from Airbnb.

One of those emails asked the travelers to email their address in order to secure the rental agreement, which they did.

Then, another email asked the travelers – let’s just call them victims, because I’m sure you can guess where this is headed – to transfer funds into an Airbnb holding account.

The Guardian quotes “CB” from Manchester:

We assumed this was procedure, did as instructed and thought that we had completed the booking process. By the time we realised it was a fake account, it was too late.

Although Airbnb promised to investigate and removed the bogus listing, CB found an article that reported, a week before his/her attempted booking, that the very same flat had been used to scam another customer.

To rub salt into the wound, that same flat popped up again, 24 hours after Airbnb had removed it, and stayed up for another 48 hours.

In other words, the flat was a known bad apple, but somehow, Airbnb couldn’t keep the fraudsters from re-listing the same property multiple times.

In fact, it’s quite easy to put up a fake listing on Airbnb.

Grant Martin, a writer for travel industry website Skift, says that all it took for the site’s staff to create a bogus San Francisco listing were fake photos, a fake profile, a fake address and a real phone number.

It’s also possible for scammers to hijack a current, legitimate account, he suggested, possibly through bulk purchase of breached logins, and put up fake listings under the name of an unsuspecting user.

Skift gives one example of a peculiar exchange with an Airbnb user who was apparently victimised in this manner: a “spectacular penthouse” in Las Vegas was listed under his account that he didn’t seem to know about.

Make no mistake about it, Airbnb warns users to keep communication on the platform. Contact information is supposed to be exchanged only after a booking has been made.

Airbnb urges users to keep all payment and communication on its platform, advising that it will never ask them to pay elsewhere.

CB and his or her traveling companion(s) realise that now, but they don’t think Airbnb presented that information clearly enough.

They looked on the site and found what looked like a perfectly legitimate listing.

But because they took communication off the platform, they’re out £824 ($1297).

There are more horror stories still: A site called airbnbHELL is collecting what it claims are uncensored stories from hosts and guests.

One such story from somebody claiming to be an experienced host concerns a “seemingly nice couple” whom the host chatted with every day and even drove to the grocery store, all pleasant and all without complaint.

The day after they left, the host says, he or she got a notice from Airbnb stating that the couple claimed they saw a mouse in the condo and that Airbnb policy was to give them 50% of their money back for the duration of their 4-week stay.

The host claims to have done an image search and found the mouse image online. He or she also found that the same picture had been posted to another site over a year earlier.

Note that the stories on airbnbHELL haven’t been confirmed. Regardless, what’s disturbing is that they are plausible: Airbnb does reimburse guests who stay in deplorable rentals.

Airbnb has many safeguards to keep both guests and hosts safe and to keep transactions secure. It has a plethora of “Trust & Safety” pages.

But I wonder, can it do more?

So I asked the company these few questions and will update the article if and when it replies:

  1. It seems that the mouse story, reported by two airbnbHELL posters, is demonstrably false, given an image search. How can a host protect herself from this fraud? What is Airbnb doing to ensure that such reimbursements aren’t falsified?
  2. Is Airbnb working to ensure that listings are legitimate, and if so, how?
  3. What, if anything, is Airbnb doing to ensure that accounts aren’t being hijacked? For example, has Airbnb considered turning on two-factor authentication (2FA)? Would it consider proactively protecting users by watching for news of big breaches, raking up as many password/username combinations posted by crooks online as it can find, and sifting through them to see if they can be used to unlock Airbnb accounts, as Facebook has done?
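
The proactive check described in the third question, sketched as an added example (not Airbnb's or Facebook's code): a service runs each leaked login/password pair through its own salted hash and flags the accounts where the leaked password still works, so they can be forced through a reset. The PBKDF2 storage scheme, iteration count, record layout and sample accounts are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch; tune for production


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow hash as the service is assumed to store it."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_record(password: str) -> dict:
    """Build a stored credential record with a fresh per-user salt."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}


def find_exposed_accounts(leaked_pairs, user_db):
    """Return our users whose current password appears in a leaked dump."""
    exposed = set()
    for login, password in leaked_pairs:
        key = login.strip().lower()      # dumps vary in case and whitespace
        record = user_db.get(key)
        if record is None:
            continue                     # leaked login is not one of our users
        candidate = hash_password(password, record["salt"])
        # Constant-time comparison; the leaked plaintext is never stored.
        if hmac.compare_digest(candidate, record["hash"]):
            exposed.add(key)
    return sorted(exposed)


# Constructed sample data: three local accounts and a fake "breach dump".
USER_DB = {
    "host1@example.com": make_record("Tr0ub4dor&3"),
    "guest2@example.com": make_record("correct horse battery staple"),
    "guest3@example.com": make_record("sunny-penthouse-42"),
}
LEAKED_PAIRS = [
    ("Host1@Example.com", "Tr0ub4dor&3"),           # reused password: match
    ("guest2@example.com", "password1"),            # known login, other password
    ("stranger@example.net", "hunter2"),            # not a user here
    ("guest3@example.com ", "sunny-penthouse-42"),  # trailing space in the dump
]

if __name__ == "__main__":
    for account in find_exposed_accounts(LEAKED_PAIRS, USER_DB):
        print(f"force password reset: {account}")
```

Only accounts that reused the breached password are flagged, which is why the "one site, one password" rule keeps a breach elsewhere from unlocking an account here.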

I can’t be subjective: Airbnb is near and dear to my heart (and my wallet). I’m not giving up on it, though I’m going to be a whole lot more careful with my bookings!

Below are some tips on how to stay safe when Airbnb’ing.

How to stay safe on Airbnb

1. Be wary of messages that look like they’re from Airbnb

All legitimate payments on Airbnb take place through its website. If someone messages you on Airbnb and asks you to contact them off-site to arrange payment details, or to send your phone number or email address, they could be trying to rip you off. This is against Airbnb’s rules and you can report people who ask you to do so by flagging the message.

Look for the small flag icon in the message thread. Airbnb gives some examples of common scams on a page devoted to keeping your account secure.

2. Protect your Airbnb account with a strong, unique password

Here’s a short, straight-talking video that not only shows you how to pick a proper password, but also explains why you should bother.

Make sure that you go by the rule of one site, one password. Otherwise, if you’re using just one login and it gets breached, the crook who has it can take over your Airbnb account (or your online bank account, or your Twitter account, or wherever else you’ve used that login) and put up fake listings under your name.

3. Keep all communications and payments on the Airbnb site

Airbnb redacts phone numbers, email addresses and URLs in messages, but scammers have found sneaky ways around its filters, such as posting images with text superimposed. Don’t go to any sites such scammers try to get you onto: they could well be rigged to plant malware or steal your credit card information or login.
