As the summer holiday season approaches, where millions around the world seek affordable travel tickets and bookings, scams seem to be proliferating. The cybersecurity chief at the well-known Dutch travel booking platform "Booking" has warned about the need to be cautious of fraud executed through powerful artificial intelligence techniques. Marni Wilking, the cybersecurity officer at "Booking," noted that generative artificial intelligence has led to a significant increase in phishing attacks, adding that the hotel and restaurant sectors, which have long been sheltered from such operations, have also become targets, according to AFP.
She stated that "attacks, particularly phishing attacks, have increased by between 500% and 900% in the last year and a half across all sectors globally." She observed that hackers are "undoubtedly using artificial intelligence to launch attacks that mimic email messages much better than they have before." She explained that generative AI tools now allow scammers to use multiple languages, and in each language, enhance the text's style and apply grammatical rules better than before.
Wilking clarified that a hotel employee, aiming to serve a supposed guest who sent an email, "is likely to open the attached file," which is, in reality, a malware program exploiting the service-based nature of the sector.
On this note, she emphasized that users, whether they are booking seekers or travel and hospitality organizations, must enroll in a two-factor authentication system while browsing the internet. In two-factor authentication, it is not enough to enter the username and password; users are required to confirm their identity through an additional factor, which may be a one-time code sent to their mobile devices or generated by an authentication app.
The expert stressed that this additional step, despite requiring some extra effort, remains "by far the best way to combat phishing and identity data theft." She also advised users "not to click on anything that seems suspicious," encouraging them to "contact the owning entity, hosts, and customer service."
Wilking reported that there is close collaboration between "Booking" and other prominent entities in this sector, adding, "We have created AI models to detect these scams or prevent their occurrence from the start and then remove them before any booking."
She also pointed out that travel booking sites have noted an increase in government entities (believed to be from Russia and China) accused of conducting harmful online activities or spying on customers. She questioned: "Why would a state pursue a hotel chain? If they know that a member of the U.S. Senate, for example, frequents a particular hotel chain, why not pursue that chain?"
Phishing involves stealing a user's identity or confidential information (access codes, banking details, etc.) through deception, via a link in an email. Scammers also impersonate official entities, such as banks, delivery platforms, or customs authorities, mimicking authentication systems. Their goal is to persuade the victim to visit the fraudulent site—similar to the original site—leading them to fall into the trap and enter their confidential information.
Travel sites can serve as a goldmine for scammers, as those seeking to book flight tickets or hotel stays often need to provide their credit card details or upload a copy of an identification document. Although phishing has existed through email for a long time, the expert noted that "a surge began to be recorded shortly after the launch of ChatGPT" at the end of 2022, a program that generates content based on a simple request in everyday language.
