Details of an Airbnb Fraud

This is a fascinating article about a bait-and-switch Airbnb fraud. The article focuses on one particular group of scammers and how they operate, using the fact that Airbnb as a company doesn't do much to combat fraud on its platform. But I am more interested in how the fraudsters essentially hacked the complex sociotechnical system that is Airbnb.

The whole article is worth reading.

Posted on November 6, 2019 at 6:19 AM • 19 Comments

Comments

Nic FischerNovember 6, 2019 6:52 AM

Glad to see the update about the FBI getting in touch - my immediate thought on reading the piece was "interstate wire fraud" !!

TatütataNovember 6, 2019 8:15 AM

Yawn. Just yet another iteration on an old scam.

Before AirBNB, there were already plenty of fake listings on "FeWo" booking sites. The mark would book a fantastic location at an unbeatable price, and pay in full by an advance bank transfer. When he comes to collect the keys, he discovers that the flat belongs to someone else and isn't available for rent, and that the pictures in the ad were just lifted from elsewhere.

Replace apartments by just any commodity, such as sports tickets.

But Airbnb, which plans to go public next year, seemed to have little interest in rooting out the rot from within its own platform. When I didn’t hear back from the company after a few days, and saw that the suspicious accounts were still active [...]

Again, nothing new under the sun. Many years ago I saw an tempting ad on Ebay for an expensive RF measurement instrument.

But it seemed more than a little bit odd. The alleged seller location was GB, the base currency was C$, and there was also a connection to Australia. I contacted the "seller" and asked a couple of questions. The answer came very quickly. The technical part was nonsensical, but there was also an offer of a hefty "discount" if I were to make an immediate Western Union transfer outside Ebay. The e-mail headers revealed an IP address in the Balkans. After a little searching I was able to find the original listing that had been plagiarised. I flagged the ad to Ebay, but months later that seller was still in "business", like in the AirBNB case.

Those "new" platforms are never responsible for anything. Uber does not employ anyone. Fessbuck isn't in the fact checking business. And Ebay and AirBNB are mere intermediaries without any liability...

RealFakeNewsNovember 6, 2019 8:25 AM

Why is fraud one of the hardest crimes to report/deal with?

Why didn't this guy report this to the Police himself? It took the FBI to call him, after reading his article?

AlanSNovember 6, 2019 9:22 AM

The Airbnb story is part of a longer discussion in this Arvind Narayanan Twitter thread.

The platform company playbook: ignore abuses of the platform; leave it to customers/users, journalists, and 3rd parties to police harmful activities; wait until there's an outcry take stuff down. In other words, externalize the costs and keep the profits.
The point here is that the lack of regulation allows them to externalize costs. The fraud and profit is possible because Airbnb (and other platform companies) can get away with the being less of a "complex sociotechnical system" than they actually need to be. 

BenNovember 6, 2019 9:30 AM

“I was very put off by getting scammed. But at this point, I feel like if I want to travel, there’s not really much else I can do.”

"Even after a month of digging through public records, scouring the internet for clues, repeatedly calling Airbnb and confronting the man who called himself Patrick, I can’t say I’ll be leaving the platform, either."

If I say that people willing to keep going back and using these service and support a clearly broken and fraudulent system is part of the problem, it might be considered victim blaming.

So I won't say that people willing to keep going back and using these service and support a clearly broken and fraudulent system is part of the problem.

RogerBWNovember 6, 2019 10:56 AM

Anyone might think that there were reasons for all the legislation around hotels and money transfers, from eras when consumer protection was more important than it is now. But hey, move fast and break things.

Airbnb just has to be profitable enough to bring in the suckers at IPO time. It doesn't have to be sustainable.

Municipality of Anchorage // city hallNovember 6, 2019 3:01 PM

... is both

(a) a prime vacation destination for various work-related seminars; and

(b) rife with rampant real estate fraud of all kinds enabled by the public corruption of entrenched local "old-money" land-owning families with members in local, state and federal government office.

Irish Mob town. In the same class as double-dealing Lyft+Uber cabbies competing with the old NYC-style local medallion-permitted taxies.

FranklyNovember 6, 2019 5:19 PM

It's not that these platforms are lazy or apathetic or irresponsible. They can't reign in the fraud because the cost exceeds their profit margin. It's not a business model that permits sufficient supervision to make customers safe. Same goes for Uber, Lyft, eBay, Amazon marketplace, AirBnB, and not fraud but TOS violations at Twitter, Facebook, etc. The same reason explains why K-12 schools can't stop bullying. The person-hours of work needed to address this extensive issue exceeds the funds available.

Worse, it will reach a point (or has already) where governments can't enforce certain laws, as they will not have the funds, given the increasing technological resources of the population and therefore the ease with which they can commit crimes. It used to be you had to commit fraud in person (a la Paper Moon). Now you can commit fraud all over the world from any computer. Addressing these crimes is expensive.

It's an economic battle. Technology makes certain crimes faster, easier, cheaper, but the law enforcement response has not kept up. They still have to gather evidence, find perpetrators, make arrests, and prosecute in court. By then, the criminals apprehended have been replaced by others doing the same thing.

Worst, the only way to stop tech crimes in the end will be draconian laws and draconian enforcement. There's no other possible end result.

Security SamNovember 6, 2019 9:12 PM

This is yesterday’s news on Airbnb
The whole scheme is a boondoggle
For you will be bitten by the bedbugs
Before you can say Bob’s your uncle.

WaelNovember 6, 2019 9:46 PM

@ Security Sam,

This is yesterday’s news

Cute :) +1

Before you can say Bob’s your uncle.

Bob's your unc.... ouch!

meNovember 7, 2019 3:27 AM

@RealFakeNews
> Why didn't this guy report this to the Police himself? It took the FBI to call him, after reading his article?

yes! also why didn't he call fbi *before* publishing? i mean he deleted the website and i'm sure he is destroying all other evidence.
why don't call police and only after he has been arrested publish the article?

Clive RobinsonNovember 7, 2019 5:25 AM

@ Frankly,

Worst, the only way to stop tech crimes in the end will be draconian laws and draconian enforcement. There's no other possible end result.

If they can not enforce the laws they have got in their jurisdiction then they can not enforce any new laws in their jurisdiction unless,

1, They get substantial new resources.

2, The new laws are blanket "we say you are guilty" laws that have no real due process in them.

Either would not be of benifit to society because they don't solve the actual problem of the criminals being "out of jurisdiction" or attacking through another jurisdiction.

This is the consequence of "non locality" of cyber-crime.

Which is mostly caused by insecure systems connectrd to the world.

Back a while ago out side of high population density areas most people did not have locks on their doors, and if they did they probably did not use them.

Eventually at the begining of the last century due to increasing mobility crime at a distance from your home became considerably easier. In part this eas the reason the FBI was created, and we know how that turned out under J. Edgar Hoover.

Thr second consequence was more people started securing their homes because neither the police or insurance --if they had it-- would sort the problem out.

Thus the historic solutions thst we know will work are,

1, Reduce your public exposure.
2, Secure your remaining public exposure.

The ultimate form of this is to not have your systems make any public connections. Secondly only use software from the Boot/BIOS up have been designed with security in mind.

But whilst you can do that now most people won't, and the only reason cyber-crime is not far worse than it currently is, has little or nothing to do with "Guard Labour", "Cyber-legislation", "Cyber-regulation" or any in jurisdiction activities by politicians and legislators. It's that the ability to commit cyber-crime far exceeds the number of cyber-criminals, that is ICT is a "target rich environment". The reason that there is a limited number of cyber-criminals is that whilst there is a skill level way above average required to come up with new exploits, that is not the inhibitor. The actual inhibitor is that there is not the back-end systems to support the effective moniterisation of their crimes.

1, Thus better monitary control to stop money laundering etc is the area legislation will work. But politicians under the direction of lobbyists don't want to go there.

2, Better "fit for purpose" regulation for ICT products, both hardware and software will if done correctly make cyber crime very much more difficult. But again politicians under the direction of lobbyists don't want to go there.

3, Making "communications" more localised, back into juresdictions will make cyber-crime more difficult. But whilst some nations politicians do actively want to do that when it comes to WASP / Five-Eye nations again politicians under the direction of lobbyists and their own government entities don't want to go there.

If you want to cutdown ICT crime then don't do the equivalent of puting everything you own under a tarp, next to a highway where neither you nor the guard labour go. Because criminals will and steal what they like and trash the rest.

At the end of the day "Thou shalt not" legislation even with "on pain of death" penalties will not work unless thr guard labour are there to "make it happen" publically so that the risk is real and high enough to act as a real credible and imminent threat. Religion has tried the "eternal damnation line" but that clearly did not work back five centuries ago, nore does it work now. So why expect the words of politicians to work any better than the words of priests?

Think November 7, 2019 5:27 AM

Simple fix - landlords have to go through AirBnB customer Service to cancel any pre-existing reservation. AirBnB then is required to control and be legally responsible for the transaction assuming all liability until the original consumer agrees to any change. AirBnB can then also control the ratings system on transactions like this to be fair and accurate.

Of course - it’s not in the interest of their bottom line or maximization of the IPO share price. It’ll take a lot of pressure, a big lawsuit or consumer boycotts to fix.

Consumers are easily swayed by a low price - so much so that they can be easily defrauded. Buyer beware.

ChrisNovember 7, 2019 12:30 PM

The New York Times ran an editorial about eBay in June of 2018 ("Want to Understand What Ails the Modern Internet? Look at eBay").

"EBay users’ participation in the site’s governance is best understood as large-scale offloading of labor, and is basically limited to snitching on one another; users have some recourse against one another and somewhat less against the site itself. That imbalance doesn’t bother us because eBay is eBay. 'It’s a transactional platform; the transaction is very clear to both sides...'”

The larger point made was that eBay helped condition us not to expect too much in the way of recourse from "platform" companies which helps explain why people who get scammed keep going back to Airbnb. And Twitter. And Facebook. And Uber...

SpaceLifeFormNovember 7, 2019 4:45 PM

@Frankly @Clive

It is the economics.

"Worst, the only way to stop tech crimes in the end will be draconian laws and draconian enforcement. There's no other possible end result."

I think that draconian law is the end goal of fascism. But, meanwhile, the money is the most important.

And actually, there is an alternative:

Shutdown the Internet.


Clive RobinsonNovember 8, 2019 6:49 AM

@ SpaceLifeForm, Frankly,

And actually, there is an alternative: Shutdown the Internet.

Whilst it is the biggest ICT security fear of them all it would not realy worry me.

Because I was born at a time when it had not been thought of except by the likes of a tiny few in think tanks like Gordon Welchman. Further computers were being made with valves, and had nearly zero impact on the work force[0] untill the mid 1960's.

In effect I grew up with the transistor and the push the "The race for the Moon" did to give us "silicon chips". And yes I embraced them but was never enslaved by them.

Like most others of that time I had a high degree of self reliance and although when I was quite young we were considered "privileged" by our neighbours because "we had a phone"[1] for which I dutifully learnt the number. I did not actually use it untill I was well in my teens and already playing with radio with friends (and using phone boxes for "privacy" with those that did not have radios). In fact hearing the harsh clang of the phone bell at home was always a bit of a shock[2].

Before the 1980's I was a licenced amature (Ham Radio engineer) maratime radio officer on my way to a masters ticket and design engineer working in the computer and communications industries thus had many of the benifits that mobile phones later gave us as well as data comms at my finger tips often as Ui was designing it way before others.

Importantly none of which made any real difference to the way my social life and more personal life worked.

These days if we look around we see groups of friends using mobile phones to find each other in a pub or club on a night out, which to me just elicits a sad disbelieving shake of the head.

So to me and perhaps many of my generation loosing mobile phones and the Internet would not make any real difference to our private and social lives, we'd just drop back into the self reliant behaviours we had when growing up.

Whilst later generations might feel pain or even handicaped by such loss, their pain and suffering would be minimal compared to that of a number of First World mainly WASP / Five-Eye Nations. Because they jumped into the "knowledge economy" without considering the risks.

I suspect most here remember President Obama and his global "Internet Kill Switch" idea. But perhaps not why it dissapeard fairly rapidly after a flurry of news. The reason being it would have been better named the "Nuke the US Economy Switch".

The funny in a sad way thing, for non US Citizens or residents, is how the US gets it's self into such technological binds or messes over and over, apparently without learning from previous lessons...

The prime example of which was 9/11, and it's currently ongoing deleterious effects. All due to the US over reliance on leading edge technology without adequate safe-guards. Which ment it was easy for just a handfull or two of people to take "US Hi-Tech" and turn it against the US as "guided missiles" in an all to predictable way (see Tom Clancy "Jack Ryan" books amongst several others). The consequences of which is still condeming hundreds if not thousands of US citizens every year to untimely deaths, crippling the US economy, and raising US national debt to way beyond realistically recoverable limits.

If the "Nuke the US Economy Switch" was ever pushed then the results would be even more than somewhat deverstating for the US but not somuch for the rest of the world. That is many nations economies are not totaly dependent on such "Hi-Tech" thus they are much closer to doing things "the old way" and will have a minor bump rather than an earth shattering crash.

That said though, the fact the US is effectively the Internet's "Rome" to which "all roads lead" has started other nations realising that the Obama Switch idea is in effect what will become a global ecomony "Doomsday Device". And back since 2014 have been actively campaigning at the UN to get the Internet to come under world governance equivalent to "Maratime Law" and "National Governance" such that nations can have their own control over the Internet within their jurisdictions. Needless to say this does not sit well with the Five-Eyes SigInt agencies and the Silicon Valley Big Corporates. In part because that Obama Switch would be the equivalent of the one one an "electric chair" for them. Which might account for why they are desperately trying to diversify themselves into other technology areas that are not Internet dependent.

[0] 1973 gets quoted as being the most efficient office workers became. And that it was the introduction of computers especially the later "Personal Computers" that destroyed office work efficiency and productivity. Both of which are still dropping today because of computers (Internet / Facebook / twitter skivers and the like, with "Candy Crush" thrown in to sweeten the mix).

[1] Most phones back then were what we now call "Plain Old Telephon Service" (POTS) "Land Lines". The likes of "phone patches" were illegal as at that time all communications was controled by the UK Government through the "Post Master General" political office and implemented by the "General Post Office" (GPO) that did not get deregulated untill the 1980's when things got split up to be sold off. Thus we ended up with "The Royal Mail", "British Telecom" later "BT" and a strange anomally called "Mercury Communications" that ended up being owned by "Cable and Wireless".

[2] This was followed by an alnost instant "guilty" thought about if some one was phoning up to say I'd been seen doing XYZ, or some such. Which kind of tells you what a fun time I had when young ;-) Most of which were actually fairly harmless but have subsequently had laws passed against them :-( Due in the main to the idiocy and machiavellian behaviours in politicians and civil servants respectively, where they make and pass into law legislation so broad in scope that they can just say "you are guilty" without any meaningfull cause :-S

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Sidebar photo of Bruce Schneier by Joe MacInnis.