• Attacks, especially phishing attacks, have increased by between 500 percent and 900 percent in the last year and a half, across all sectors worldwide, revealed Marnie Wilking, Booking’s cybersecurity chief.
• Hackers are undoubtedly using AI to launch attacks that simulate emails much better than before. Generative AItools now enable scammers to use multiple languages, improve the style of texts in each language, and apply grammar better than ever.
• It is indicated that “phishing” is based on the theft of a user’s identity or confidential information (such as access codes, bank details, etc.) through trickery, typically via a link in an email they receive.
• Scammers impersonate official bodies, such as banks, delivery platforms, or customs authorities, and mimic an authentication system.
On the verge of the summer holiday season, as millions worldwide search for affordable travel cards and bookings, acts of fraud have reportedly begun to spread widely, according to Q8-Press.
The cybersecurity official at the popular Dutch travel booking platform Booking warned of the need to be wary of scams carried out by powerful artificial intelligence technologies.
Booking’s cybersecurity chief, Marnie Wilking, noted that generative artificial intelligence has led to a significant increase in phishing operations, adding that the hotel and restaurant sector, which has long been unaffected by these operations, has now become a target, Agence France Presse (AFP) reported.
500% rise in phishing attacks
“Attacks, especially phishing attacks, have increased by between 500 percent and 900 percent in the last year and a half, across all sectors worldwide,” she noted.
She observed that hackers “are undoubtedly using artificial intelligence to launch attacks that simulate emails much better than before.” She explained that generative artificial intelligence tools now enable scammers to use multiple languages, improve the style of texts in each language, and apply grammar better than ever.
She further explained that a hotel employee, in order to serve the alleged guest to whom they sent an email, “will probably open the attached file,” which is, in fact, a malicious program exploiting the nature of this service-based sector.
Two-factor authentication
In addition, she confirmed that users, whether they are booking applicants or travel and hospitality institutions, should not forego subscribing to the two-factor authentication system when browsing the Internet.
In two-factor authentication, it is not enough to enter your username and password; users are required to confirm their identity through an additional factor, which may be a one-time code sent to their mobile devices or generated by an authentication app.
The expert emphasized that this additional step, despite requiring extra effort, remains “by far the best way to combat phishing and prevent theft of identifying data.”
She also advised users to “not click on anything that looks suspicious” and encouraged them to “reach out to the owner, hosts, or customer service.”
Wilking reported on the close cooperation between Booking and other prominent actors in the sector, stating, “We have created artificial intelligence models to detect these scams or prevent them from happening in the first place and then delete them before any reservation.”
She also highlighted that travel booking sites have observed an increase in government agencies (believed to be Russia and China) accused of carrying out harmful acts online or spying on customers. She posed the question: “Why would a country target a hotel chain? If they are aware that a US senator, for instance, frequents a specific hotel chain, why wouldn’t they target it?”
Guarding against digital predators
It is indicated that “phishing” is based on the theft of a user’s identity or confidential information (such as access codes, bank details, etc.) through trickery, typically via a link in an email they receive.
Scammers also impersonate official bodies, such as banks, delivery platforms, or customs authorities, and mimic an authentication system.
Their goal is to convince the victim to visit the fraudulent site—which is designed to look similar to the original site—and trick them into entering their confidential information.
Gold mine for scammers
Travel sites can serve as a gold mine for scammers, as users requesting to book flight tickets or hotel stays often have to provide their credit card details or upload a copy of a proof document.
The expert noted that although phishing was already present via email, “the increase began to be recorded shortly after the launch of the +GBT+ Chat” at the end of 2022, a program that generates content upon simple demand in everyday language.
