consumers into handing over passwords and credit card details by taking advantage of the flood of emails being sent outAttack.Phishingahead of new European privacy legislation . The European Union 's new General Data Protection Regulation ( GDPR ) come into force on 25 May and the policy is designed to give consumers more control over their online data . As a result , in the run-up to it , organisations are sending outAttack.Phishingmessages to customers to gain their consent for remaining on their mailing lists . With so many of these messages being sent outAttack.Phishing, it was perhaps only a matter of time before opportunistic cybercriminals looked to take advantage of the deluge of messages about GDPR and privacy policies arriving in people 's inboxes . A GDPR-related phishing scamAttack.Phishinguncovered by researchers at cyber security firm Redscan is doing just this in an effort to steal data with emails claiming to beAttack.Phishingfrom Airbnb . The attackers appear to beAttack.Phishingtargeting business email addresses , which suggests the messages are sentAttack.Phishingto emails scraped from the web . The phishing message addresses the user as an Airbnb host and claimsAttack.Phishingthey 're not able to accept new bookings or sendAttack.Phishingmessages to prospective guests until a new privacy policy is accepted . `` This update is mandatory because of the new changes in the EU Digital privacy legislation that acts upon United States based companies , like Airbnb in order to protect European citizens and companies , '' the message says , and the recipient is urgedAttack.Phishingto click a link to accept the new privacy policy . Those who click the link are asked to enter their personal information , including account credentials and payment card information . If the user enters these , they 're handing the data straight into the hands of criminals who can use it for theft , identity fraud , selling on the dark web and more . `` The irony wo n't be lost on anyone that cybercriminals are exploiting the arrival of new data protection regulations to stealAttack.Databreachpeople 's data , '' said Mark Nicholls , Director of Cyber Security at Redscan . `` Scammers know that people are expecting exactly these kinds of emails this month and that they are required to take action , whether that 's clicking a link or divulging personal data . It 's a textbook phishing campaignAttack.Phishingin terms of opportunistic timing and having a believable call to action '' . Airbnb is sending messages to users about GDPR , but the messages contain far more detail and do n't ask the users to enter any credentials , merely agree to the new Terms of Service . While the phishing messages might look legitimate at first glance , it 's worth noting they do n't use the right domain - the fake messages come fromAttack.Phishing' @ mail.airbnb.work ' as opposed to ' @ airbnb.com ' . Redscan has warned that attackers are likely to use GDPR as baitAttack.Phishingfor other phishing scamsAttack.Phishing, with messages claiming to beAttack.Phishingfrom other well-known companies . `` As we get closer to the GDPR implementation deadline , I think we can expect to see a lot a lot more of these types of phishing scamsAttack.Phishingover the next few weeks , that 's for sure , '' said Nicholls , who warned attackers could attempt to use the ploy to deliver malware in future . `` In the case of the Airbnb scam email , hackers were attempting to harvestAttack.Databreachcredentials . Attack vectors do vary however and it 's possible that other attacks may attempt to infect hosts with keyloggers or ransomware , for example . '' he said . Airbnb said those behind the attacks have n't accessedAttack.Databreachuser details in order to sendAttack.Phishingemails and that users who receiveAttack.Phishinga suspicious message claiming to beAttack.Phishingfrom Airbnb should send it to their safety team . `` These emails are a brazen attempt at using our trusted brand to try and stealAttack.Databreachuser 's details , and have nothing to do with Airbnb . We 'd encourage anyone who has receivedAttack.Phishinga suspicious looking email to report it to our Trust and Safety team on report.phishing @ airbnb.com , who will fully investigate , '' an Airbnb spokesperson told ZDNet . Airbnb also provided information on how to spot a fake email to help users to determine if a message is genuine or not .