[UPDATED below 3-8-17] In mid-October we heard from a gentleman named Steven who was looking to rent a large apartment in New York city for an upcoming family wedding. Since the event was short term Airbnb seemed to be a great choice for visiting family and friends. After a thorough search he found a beautiful multi-bedroom apartment that was newly listed on Airbnb and contacted the woman offering it. Her name was “Audrey,” firstname.lastname@example.org, with phone number 224-225-0094.
The place looked perfect and it is sometimes hard to find the right place in New York available on the dates you need it. Audrey responded soon after but complained that the Airbnb platform was not working properly and asked that Steven email her directly. That was red flag number 1. Communication between Steven and Audrey then continued via email outside the Airbnb website. That’s where we pickup up the story…
After a few emails Steven confirmed that he wanted to rent the apartment and asked for details to make it happen. He was sent a very professionally crafted email that looked like it came from Airbnb but the entire email is an absolute fraud and didn’t come from Airbnb. Take a close look at the email he received. Can you spot the fraud? There are two very important details in this email that reveals it as fraudulent.
Have you spotted the two details? First, Steven was asked to wire his money to an Account Beneficiary named Abel Smart (Airbnb’s agent) in the United Kingdom. That should have raised serious suspicions and sent Steven back to Airbnb.com to ask about their policy for payments overseas but it didn’t. The Payment Details in the email describe making a bank-to-bank wire transfer. The real Airbnb will never ask you to make a bank wire transfer! In fact, according to Airbnb, payments are never made offsite according to their article titled What should I do if someone asks me to pay outside of the Airbnb website? Read: https://www.airbnb.com/help/article/199
Secondly, Steven didn’t notice that the email did not come from airbnb.com. Look closely… The email’s from address is:
It’s really important to look carefully at the from address. Don’t pay any attention to anything written in front of the “at” symbol because anyone can write anything at all. That portion is useless. The critical part of an email address is the domain that appears after the @ symbol and just before the dot-com. This email doesn’t say email@example.com! The domain listed is xn—arbnb-wwb.com This is a dead giveaway that the email is fraudulent. How can we be so sure? A simple WHOIS tool on the Internet makes it crystal clear…
Look at a WHOIS listing for the real domain airbnb.com and you’ll clearly see that the domain was registered to Airbnb, Inc of San Francisco in 2008. http://whois.domaintools.com/airbnb.com
Now look at the WHOIS listing for xn—arbnb-wwb.com and you’ll see that it was registered on July 7, 2016 using a privacy service called “Contact Privacy, Inc.” in Toronto, Canada. No website title is listed and no screenshot of the website is available. http://whois.domaintools.com/xn--arbnb-wwb.com
Now that Steven had taken the bait without becoming suspicious, all the scammers had to do was reel him in. What followed were well-crafted confirmations from the same fake Airbnb email address. The first email below says “Airbnb” six times! It’s as if the recipient will believe it more because they say it a lot!
Understandably, Steven was extremely upset by once he figured out he was scammed out of $2,526. He had wired it to a Barclay’s bank account in the UK and never saw it again, never heard from “Audrey” again, or anyone else associated with the apartment. “Audrey” had created a fake profile on Airbnb, created fake emails representing Airbnb and pulled off a well executed fraud. Of course, Steven complained to Airbnb that they had no screening process and the scammer had used the Airbnb website and letterhead. Unfortunately for consumers, services like Airbnb or Care.com can never really screen out criminals from their services because it is too easy to deceive others online, as Steven discovered. However, we noticed another interesting tidbit about the apartment ad placed by “Audrey.” The ad was listed as “NEW” and had not been reviewed by other Airbnb guests. Obviously some apartment listings must be new, but it made us wonder about that “new” listing. We had no problem creating an account in Airbnb, heading back to New York listings and finding another apartment listed as “new” and without references from any other guests. And we wondered… Is this the next scam trap or is it a legitimate new listing?
A deeper footnote to this scam… Audrey’s email struck us as odd: firstname.lastname@example.org. Of course we ran to WHOIS tool to see who owned kotair.com and learned that it was registered in December, 2015 to someone named “Benedict Smith” of London and is being hosted in the UK. http://whois.domaintools.com/kotair.com
Further digging informs us that Benedict Smith has at least eleven other domains registered to him. Is it possible that Mr. Smith (or whatever his name is; there are many such names living in the London area) might be involved in this scam? Could any of these other domains be used in Airbnb scams or other scams? We visited the web tool called DomainBigData.com and asked to see all of the websites registered to “Benedict Smith.” http://domainbigdata.com/nj/J26bZdDxJXoLrc7FksreDw
We noticed some newly registered odd domain names and wondered if we might hear from other Airbnb members who are scammed and receive emails from any of the domains registered to Benedict Smith, like wehson.com or zuuznet.com. Only time and our readers will tell.
UPDATE - March 8, 2017:
A TDS Reader father sent us the email below after his 20-year old son asked him if this Airbnb listing seemed legit. Nevermind the fact that the 20-year old was being asked to wire the deposit to Italy, look at the email address the listing came from! The from address reveals the scam. The email was sent from airbnb-trust.com not airbnb.com.
The domain airbnb-trust.com was registered on December 17, 2016 by someone named "Cristina Rigoni" from Pero, Italy and the site is being hosted in Italy. Google can find the domain but offers no information about it. This is a sham site.