This update is mandatory because of the new changes in the EU Digital privacy legislation that acts upon United States based companies, like Airbnb in order to protect European citizens and companies.
As we get closer to the GDPR implementation deadline, I think we can expect to see a lot a lot more of these types of phishing scams over the next few weeks, that's for sure. In the case of the Airbnb scam email, hackers were attempting to harvest credentials. Attack vectors do vary however and it's possible that other attacks may attempt to infect hosts with keyloggers or ransomware, for exampleTo protect themselves against these types of attacks, users should familiarize themselves with some of the most common types of phishing attacks and implement steps to prevent a ransomware infection.
UPDATE 02/05/18: Following publication of this story, a public affairs manager for Airbnb reached out to this author with the request that the following statement be shared:
These emails are a brazen attempt at using our trusted brand to try and steal user’s details, and have nothing to do with Airbnb. We’d encourage anyone who has received a suspicious looking email to report it to our Trust and Safety team on [email protected], who will fully investigate. We provide useful information on how to spot a fake email on our help centre and work closely with external partners to report and help remove fake Airbnb websites.The statement went on to assure users that bad actors never had access to their details before sending out the messages. It also recommended that users could confirm the legitimacy of an Airbnb email by checking the sender's email address against this list of official aliases used by the company and by hovering over a URL to see if they would be redirected to a subdomain operated by Airbnb.com.