As with most modern apps geared toward consumers, the core concept behind Airbnb and Uber is to provide a service that makes people’s lives easier.
Airbnb allows hosts to rent out their homes to low budget travelers, and through Uber people can get a ride in minutes, or even become a driver with a flexible schedule.
However, their systems have also been abused by cybercriminals for money laundering.
The way that it is done is similar to how stolen credit cards are used to buy iPhones or other high-value items, by selling the items and turning the credit card money into legitimate forms of money.
Although for some of the scammers this will be a one-time thing, many of them are looking for long-term arrangements where they could earn up to $3,000 at a time.
Money Laundering on Airbnb
Scammers are funneling dirty money through the most popular accommodation services. The money laundering requires almost zero effort, a little bit of creativity and a computer.
According to a recent report by cybersecurity research firm Trustwave, there are several posts on various darknet forums where users are asking for people to work with them to abuse Airbnb.
The way the money laundering is done is through the use of stolen credit cards. The scammers will look for Airbnb hosts who are willing to cooperate, and they will book through the host.
Оnce the payment is made, the scammer won’t actually live in the place, and the host will send back a percentage of the profit.
As the system operates, users know the Airbnb host is legitimate by the reviews travelers write on the page.
When a traveler stays at a place booked through Airbnb, they are encouraged to leave a review. Scammers find a way around that protection by using real hosts with mutual intentions.
According to past statements from Nick Shapiro, Airbnb’s head of trust and risk management, the company has developed a system that scores reservations for risk in advance. They flag and stop suspicious activities by assessing a number of signals.
Airbnb also employs different operations to verify if a credit card is being used by its rightful owner whenever they are made aware of a suspicious credit card activity.
The problem has been apparent since 2017, perhaps earlier. In a Daily Beast report on the subject in November 2017, Rick Holland of cybersecurity firm Digital Shadows noted that Airbnb itself is not a target, but that the platform is being put to wrong use to ease credit card fraud.
Even reputable e-commerce and retail providers are struggling with this activity, and it goes to show that cybercriminals go for many different services.
The ‘Acupuncture’ Fraud Scheme
Cybercriminals launder money through Uber by recruiting drivers to pretend to take them on a ride.
In their report, Trustwave researchers cite a 2016 darknet advertisement of a how-to guide for this process, boasting earnings of $723 per week for fake Uber drivers.
These individuals don’t actually take the ride, but they pay for the trip by using the stolen credit card money.
The Uber driver then sends part of the money for the trip back to the criminal. This strategy was used in a major ride-sharing fraud operation busted by federal law enforcement just over two years ago in New York.
A common scheme known by the name “acupuncture” involves a collaboration between a co-conspirator that lives overseas and a U.S.-based driver.
The co-conspirator—who is typically based in China or India—drops location pins in the application along with the driver’s route.
After that, the driver collects them, typically from a stolen credit card, and sends back a portion of the money to the criminal known as a “nurse.”
The alluring part of it that makes the driver participate in this scam is that they’re getting paid for driving a route they’re normally driving anyway, but in fact, it is a serious legal liability for them.