Booking.com Warns Of AI-Fuelled 900 Percent Scam Surge

Matthew Broersma,
Linkedin
hotel Image credit Unsplash 001

Travel scams rose up to 900 percent in 18 months as generative AI makes phishing sites harder to detect, Booking.com warns

Travel scams have risen as much as 900 percent over the past year and a half, with generative artificial intelligence (AI) playing a key role, reservations site Booking.com has warned.

The company’s internet safety chief Marnie Wilking told the Collision technology conference in Toronto that there had been a “500 to a 900 percent increase” during the period, the BBC reported.

The phishing scams involve setting up fake hotels on sites such as Booking.com or Airbnb and then vanishing after taking customers’ payments, or sending follow-up messages to scam them out of more money.

Wilking said the company has observed a surge in scams since the public launch of OpenAI’s ChatGPT in November 2022.

booking.com Image credit Unsplash
Image credit: Unsplash

Phishing scams

The tool allows scammers to generate convincing-looking text in multiple languages, making scams harder to detect.

Scammers are also using generative AI systems to create fake images, Wilking said.

“Of course, we’ve had phishing since the dawn of email, but the uptick started shortly after ChatGPT got launched,” she said.

“The attackers are definitely using AI to launch attacks that mimic emails far better than anything that they’ve done to date,” she said.

She called on hotels and travellers to use two-factor authentication, calling it “the best way to combat phishing and credential stealing”.

Wilking added that Booking.com has also made use of AI to block scams from using the site or to take them down before payments have been received.

Hotels have also seen a rise in phishing scams via Booking.com, amidst an upsurge in tourism following the Covid-19 pandemic.

Hotels targeted

Some 118 hotels in Japan said they had fallen victim to email scams via Booking.com between June 2023 and March 2024, the Kyodo news agency reported in April.

The scams involve malware-infected emails sent to hotels posing as customer messages, the report said.

The malware then steals the business’ Booking.com credentials, allowing scammers to send fraudulent requests for payment to customers.

Customers are directed to enter their payment details on a fake website, the report said.

Similar scams have been reported in Europe, the US, Asia and Oceania.