
One Listing Per Victim: Inside a Targeted Airbnb Callback Campaign

Gilad Israeli

In late April, we began seeing emails classified as callback phishing that originated from Airbnb's own, trusted mail infrastructure. These were not rental confirmations or receipts from a recent vacation. The attacker had found a new form of trusted-infrastructure abuse that bypasses email security controls and socially engineers the target.

The emails carried a valid DKIM signature from email.airbnb.com and the same callback number, embedded in different host listings registered to different attacker-controlled Airbnb accounts. When we pulled the thread, the messages turned out to be the visible edge of a highly targeted campaign built around a 1:1 delivery architecture: one attacker-created Airbnb listing per enterprise victim, each routed through its own dedicated iCloud→GMX off-ramp.

Our previous research showed how attackers turn a trusted platform into the generator of a malicious payload. This campaign extends the model by borrowing the distribution layer too — and operationalizing it per target.

The Airbnb Campaign: Multi-Hop Consumer Off-Ramps

The attack delivers a legitimate Airbnb transactional notification sent as Airbnb <automated@airbnb.com>, with a DKIM signature from email.airbnb.com, a passing DMARC result under Airbnb's strict p=reject policy, and valid BIMI headers present.

The visible body preview contains a single line of attacker-injected text that serves as a tech-support callback (vishing) lure:

Payment Successful, To Cancel Call Us -18432270140

There is no malicious URL to click and no weaponized attachment to detonate. The only attacker-controlled bytes in the message are rendered directly into a real template by Airbnb's own transactional infrastructure.

By the time this email reaches the corporate boundary, it is scored completely clean by independent commercial email-security stacks.

Inside the Trusted Relay Chain

The efficiency of this campaign relies on the fact that the adversary builds nothing, compromises nothing, and incurs zero operational cost. Instead, they stack the free tiers of three distinct provider ecosystems:

  1. The Abused Generator (Airbnb): The attacker creates a free Airbnb host account and builds a fake property listing whose property name field is set to the callback-phishing pretext. Airbnb's notification templates treat this title field as trusted inventory metadata and render it into the message body as a first-class string, without input validation or content moderation.

  2. The First Off-Ramp Hop (iCloud): one disposable iCloud account per victim, registered as the contact email on the attacker's Airbnb host account for that victim. Within iCloud Mail, the attacker configures a server-side Mail Rule that auto-forwards everything to the next staging point. Captured instances: mollmcclain2s8@icloud.com and son29htmmig707063@icloud.com

  3. The Final Relay Hop (GMX): one disposable GMX webmail account per victim, receiving the iCloud forward and re-emitting it to the enterprise target through GMX's high-reputation outbound MTAs (mout.gmx.net). Captured instances: psychacbidapret6b@gmx.de and plasmedtegape74@gmx.de. Again, one per victim, no reuse.

Campaign execution is a deletion wave. The attacker deletes listings in sequence; in our captured window the deletions are nine minutes apart, each fanning out to a distinct enterprise tenant. Each deletion fires Airbnb's notification template, each render embeds that victim's listing name (the lure) into the body, and each notification rides its dedicated iCloud→GMX rail to its assigned inbox. Airbnb's transactional engine hands every one of these messages to SendGrid, which signs with Airbnb's domain key (header.d=email.airbnb.com) and emits it from an authorized SendGrid IP. At this stage, every outbound message in the wave is fully authentic and untampered: the attacker has not touched a byte.

Technical Analysis of the Forwarding Chain

The email routes through a multi-hop relay, with each step interacting uniquely with core email protocols:

Hop 1: Airbnb → iCloud

The email lands in mollmcclain2s8@icloud.com with its original DKIM signature intact and SPF passing, with aligned identifiers, for the authorized SendGrid IP.

Hop 2: iCloud → GMX

Each iCloud account's Mail Rule fires, forwarding to that victim's dedicated GMX address. Apple's transport stamps two distinctive headers on each message. These are the campaign's structural smoking gun, because they encode the next hop's address directly:

An example victim chain:

  • X-Apple-Action: FORWARD/ggdsytd%psychacbidapret6b@gmx.de

  • Original-Recipient: rfc822;mollmcclain2s8@icloud.com

Same header schema, different payload — exactly what a per-victim rail looks like at the protocol level.

Hop 3: GMX → Target Corporate Inbox

Each GMX inbox receives its victim-specific forward and re-emits it via GMX's outbound MTAs. Crucially, both iCloud and GMX execute plain, body-preserving forwards. Because no intermediate hop modifies the body or MIME parts, Airbnb's original DKIM body hash (bh=) remains valid through every relay, and the signed headers (From, Subject, and the rest of the h= list) are untouched as well. GMX rewrites the envelope sender to its own domain, so the message arrives with a Return-Path whose address is the victim-specific GMX account (…@gmx.de).
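The body-hash survival described above, as an added example that is not part of the original post: the block below implements RFC 6376 relaxed body canonicalization and the SHA-256 value carried in bh=, then compares a plain forward (only line endings re-framed in transit) against a client-style forward that prepends a banner. The body text, the banner and the function names are constructed for illustration, not captured artifacts; only the lure line is the one quoted in the post.

```python
# Added example (not from the original post): why Airbnb's DKIM body hash
# survives the iCloud -> GMX forwards. Implements RFC 6376 section 3.4.4
# "relaxed" body canonicalization and the SHA-256 body hash carried in bh=.
import base64
import hashlib
import re


def relaxed_body_canon(body: bytes) -> bytes:
    """RFC 6376 relaxed body canonicalization.

    Collapses runs of SP/HTAB to one SP, strips trailing whitespace on every
    line, removes trailing empty lines, and terminates with CRLF.
    """
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    canon = [re.sub(rb"[ \t]+", b" ", line).rstrip(b" \t") for line in lines]
    while canon and canon[-1] == b"":
        canon.pop()
    return b"\r\n".join(canon) + b"\r\n" if canon else b""


def body_hash(body: bytes) -> str:
    """The value a signer puts in bh= and a verifier recomputes on receipt."""
    digest = hashlib.sha256(relaxed_body_canon(body)).digest()
    return base64.b64encode(digest).decode()


def signature_survives(signed_body: bytes, received_body: bytes) -> bool:
    """True when the bh= computed at signing time still matches on receipt."""
    return body_hash(signed_body) == body_hash(received_body)


# Constructed stand-in for the Airbnb template body as SendGrid signed it;
# the lure line is the one quoted in the post, the rest is placeholder text.
SIGNED_BODY = (
    b"Hi there,\r\n"
    b"\r\n"
    b"Payment Successful, To Cancel Call Us -18432270140\r\n"
    b"\r\n"
    b"This listing is no longer active.\r\n"
)

# A plain forward: iCloud's mail rule and GMX re-emit the same MIME body.
# Only the line endings were re-framed in transit, which canonicalization
# is designed to absorb.
PLAIN_FORWARD_BODY = SIGNED_BODY.replace(b"\r\n", b"\n")

# What would NOT have worked: a client-style forward that edits the body
# (here a banner is prepended) invalidates bh= immediately.
ANNOTATED_FORWARD_BODY = b"---------- Forwarded message ----------\n" + PLAIN_FORWARD_BODY

if __name__ == "__main__":
    print("plain forward keeps bh=:", signature_survives(SIGNED_BODY, PLAIN_FORWARD_BODY))
    print("annotated forward keeps bh=:", signature_survives(SIGNED_BODY, ANNOTATED_FORWARD_BODY))
```

A verifier checks two things: the body hash and the signature over the headers named in h=. A server-side rule forward leaves both intact, which is the whole reason Airbnb's signature reaches the target. One caveat: a signer that uses the optional l= (body length) tag would let appended text through even the body-hash check, which is why l= is generally discouraged; the post does not say whether Airbnb's signatures use it.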

Hop 4: Protocol Evaluation at the Gateway

Every message in the campaign hits its destination perimeter with identical cryptographic results. The recipient stack runs standard checks and gets the same verdicts on every instance:

  • SPF passes, evaluated against the envelope domain GMX rewrote in (gmx.de). GMX's outbound IPs are listed in GMX's published SPF record, so SPF returns pass for every victim's message. Note that the authenticated SPF identifier is gmx.de, not airbnb.com, so it does not align with the From: domain; SPF contributes nothing to the DMARC verdict here.

  • DKIM passes: the gateway fetches Airbnb's public key from DNS, verifies the body hash against the unaltered body and the signature over the signed headers, and returns pass. The signature was generated once at SendGrid and survives intact through every forward.

  • DMARC aligns via DKIM: the signing domain email.airbnb.com shares the organizational domain airbnb.com with the From: header, which satisfies DMARC's default relaxed alignment. DMARC passes on every message in the wave, so Airbnb's strict p=reject policy is never triggered. The policy is not misconfigured; it simply cannot help, because the message genuinely is from Airbnb.
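The gateway evaluation above, and the relay-chain artifacts from Hops 2 and 3, as an added example that is not part of the original post: the block replays the DMARC alignment decision on a constructed message shaped like the captured chain (the quoted iCloud and GMX addresses and the X-Apple-Action / Original-Recipient schema are the post's; the Received line, date, Subject, DKIM selector and the bh=/b= values are placeholders), then surfaces the forwarding artifacts and the callback number that SPF, DKIM and DMARC never look at. Because SPF and DKIM need DNS, their verdicts are passed in as parameters rather than looked up; the organizational-domain derivation is simplified to the last two labels, where a real evaluator would consult the Public Suffix List.

```python
# Added example (not from the original post): replays the gateway's DMARC
# alignment decision on a constructed message shaped like the captured
# campaign, then surfaces the relay-chain artifacts that SPF/DKIM/DMARC
# never consult. SPF/DKIM verdicts are parameters, not live DNS lookups.
import email
import re
from email import policy
from email.utils import parseaddr

# Assumed set of consumer webmail org domains used as off-ramps.
CONSUMER_WEBMAIL = {"gmx.de", "gmx.net", "icloud.com", "gmail.com", "outlook.com"}

# Constructed sample. Return-Path, X-Apple-Action and Original-Recipient reuse
# the addresses and header schema quoted in the post; the Received line, date,
# Subject, selector and the bh=/b= values are placeholders.
RAW = b"""Return-Path: <psychacbidapret6b@gmx.de>
Received: from mout.gmx.net by mx.victim.example; Tue, 29 Apr 2025 10:12:31 +0000
X-Apple-Action: FORWARD/ggdsytd%psychacbidapret6b@gmx.de
Original-Recipient: rfc822;mollmcclain2s8@icloud.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=email.airbnb.com;
 s=sel; h=from:to:subject; bh=cGxhY2Vob2xkZXI=; b=cGxhY2Vob2xkZXI=
From: Airbnb <automated@airbnb.com>
To: mollmcclain2s8@icloud.com
Subject: Your listing has been removed
Content-Type: text/plain; charset=utf-8

Payment Successful, To Cancel Call Us -18432270140
"""


def org_domain(domain):
    """Organizational domain, simplified to the last two labels (assumption:
    a production evaluator consults the Public Suffix List instead)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(identifier, from_domain, mode="r"):
    """DMARC identifier alignment: strict = exact match, relaxed = same org domain."""
    if mode == "s":
        return identifier.lower() == from_domain.lower()
    return org_domain(identifier) == org_domain(from_domain)


def normalize_phone(text):
    """Return a NANP number as +1XXXXXXXXXX, or None if it is not one."""
    digits = re.sub(r"\D", "", text)
    if len(digits) == 11 and digits.startswith("1"):
        return "+" + digits
    if len(digits) == 10:
        return "+1" + digits
    return None


def evaluate(raw, spf_result="pass", dkim_result="pass"):
    """Return the DMARC alignment outcome plus relay-chain triage signals."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    from_domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    spf_domain = parseaddr(str(msg.get("Return-Path", "")))[1].rpartition("@")[2].lower()
    dkim_domains = []
    for sig in msg.get_all("DKIM-Signature", []):
        m = re.search(r"(?:^|;)\s*d=([^;\s]+)", str(sig))
        if m:
            dkim_domains.append(m.group(1).lower())

    # DMARC passes if either authenticated identifier aligns with From:.
    spf_aligned = spf_result == "pass" and aligned(spf_domain, from_domain)
    dkim_aligned = dkim_result == "pass" and any(aligned(d, from_domain) for d in dkim_domains)
    dmarc_pass = spf_aligned or dkim_aligned

    # Relay-chain artifacts: Apple's forward stamp names the next hop.
    next_hops = []
    for action in msg.get_all("X-Apple-Action", []):
        m = re.match(r"FORWARD/[^%]*%(\S+)", str(action))
        if m:
            next_hops.append(m.group(1))
    original_rcpt = str(msg.get("Original-Recipient", "")).partition(";")[2].strip()

    # The lure: the only attacker-controlled bytes are a phone number in the body.
    body = msg.get_body(preferencelist=("plain",)).get_content()
    numbers = []
    for candidate in re.findall(r"(?<!\d)\+?\d[\d\s().-]{8,}\d", body):
        n = normalize_phone(candidate)
        if n and n not in numbers:
            numbers.append(n)

    signals = []
    if dmarc_pass and not spf_aligned:
        signals.append("dmarc-pass-dkim-only")  # the shape of every forward
    if org_domain(spf_domain) in CONSUMER_WEBMAIL and org_domain(spf_domain) != org_domain(from_domain):
        signals.append("consumer-webmail-return-path")
    if next_hops:
        signals.append("apple-forward-rule")
    if numbers:
        signals.append("callback-lure")
    if "callback-lure" in signals and len(signals) >= 3:
        verdict = "suspicious"
    elif "dmarc-pass-dkim-only" in signals:
        verdict = "forwarded"
    else:
        verdict = "clean"
    return {
        "from_domain": from_domain, "spf_domain": spf_domain,
        "dkim_domains": dkim_domains, "spf_aligned": spf_aligned,
        "dkim_aligned": dkim_aligned, "dmarc_pass": dmarc_pass,
        "next_hops": next_hops, "original_recipient": original_rcpt,
        "callback_numbers": numbers, "signals": signals, "verdict": verdict,
    }


if __name__ == "__main__":
    for key, value in evaluate(RAW).items():
        print(f"{key}: {value}")
```

The point of the split is that the authentication result is correct and will stay correct: DMARC is supposed to pass on a DKIM-aligned forward. What separates this campaign from a benign forward is the combination the signals capture: a DKIM-only pass, a consumer-webmail envelope domain unrelated to the From: domain, Apple's FORWARD stamp naming the next hop, and a phone number as the only actionable content. The threshold of three signals is an assumption chosen for illustration, not a tuned value.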



Indicators of Compromise (IOCs)

Traditional threat-intelligence lookups across these actor-controlled elements return zero alerts, because the components are fresh and live entirely in legitimate consumer services.

Campaign Telemetry & Infrastructure Artifacts

Type | Value | Significance
Lure body string | Payment Successful, To Cancel Call Us -18432270140 | Identical across every captured victim; the only artifact reused at scale
Callback phone number | +1-843-227-0140 | Same number in every message; the campaign's only outbound channel
Off-ramp topology | X-Apple-Action: FORWARD/*%*@gmx.de | The structural fingerprint of the iCloud→GMX rail