Ask HN: Tracking down fake Airbnb owner
Case:
Not so technical colleague got scammed for 2 months rent. What can he do?
Steps: 1. He found apartment listing on immobiliare.it
2. Some emails were exchanged
3. He receives the link to the _real_ airbnb listing
4. He cant find it there, and the scammer sends the phishing page[1] (from @expertdesigner.eu)
5. Soon after he receives another email saying that the database is down from @airbnb.sa.com and he should meanwhile move the money using transferwise.com
6. Payment done
7. Scammer replies: Payment received
The login page was quite well made, and I think most of non technical people might get fooled
[1] The URL: https://airbnb.com-itinerary.app/rooms/762837232/files/login.php?id=572465&locale=en&sale=203&
Thoughts?
11 comments
[ 4.4 ms ] story [ 33.0 ms ] thread- The police
- https://reportphishing.net/airbnb/
- Airbnb report on the listing page - but now to think about it, we can't be sure the listing itself is connected to the scam. The host of the listing is a superhost (whatever that means)
Also the police said, there's not much they can do
In fact if anything, the story is about a (fake) AirBnb owner. The AirBnB was real, the “owner” was fake.
Both are accurate unless you somehow imagined this would be a story about a fake founder of AirBnB (in which case I’d say the confusion is more of a personal problem).
Basic Info
- username at home dir: comitin1 - LiteSpeed server - SERVER_ADMIN=webmaster@airbnb.com-itinerary.app - English not first language
- Sends over location, victim ip-port pair, protocol, client, TLS encryption suite
Client (Victim):
From main.html:
POST /transaction.php?id=1 --> transaction.html
POST /transaction-process.php --> attacker no longer cares...empty response body
Admin
https://airbnb.com-itinerary.app/rooms/762837232/files/manag...
Login with POST /index.php with username and password
There is a whole interface for easy management of properties, with its own UI! It does proper client and server-side validation of inputs, uses a set of images of houses and hosters.
POST /process-data.php
POST /send-discount.php for a particular property id
POST /edit-discount-process.php