Booking.com Warns of AI-Driven Phishing Surge Targeting Travelers and Hosts

Booking.com’s CISO, Marnie Wilking, warns of a surge in AI-driven phishing scams targeting the hospitality industry, emphasizing the importance of two-factor authentication and caution when dealing with suspicious emails. The company is utilizing AI to detect and block fraudulent activities on its platform.


21 June 2024 – As travelers eagerly book their summer vacations, Booking.com’s Chief Information Security Officer, Marnie Wilking, has issued a warning about the rise of sophisticated AI-powered phishing scams. Wilking highlighted that the hospitality industry, previously less targeted, is now increasingly at risk due to advancements in generative AI technology.

Speaking at the Collision technology conference in Toronto, Wilking revealed that phishing attacks have surged globally by 500 to 900 percent across various industries in the past 18 months. These cyber attacks, which deceive victims into disclosing sensitive information like login credentials or financial details, have been exacerbated by the capabilities of generative AI.

“Since the launch of ChatGPT, we’ve seen a significant increase in AI-driven phishing attempts. These attacks now mimic legitimate emails more convincingly and can be executed in multiple languages with impeccable grammar,” Wilking explained.

Travel websites are particularly lucrative targets for phishing scammers as they handle extensive personal information, including credit card details and identification documents. The inherently helpful nature of the hospitality industry also makes it vulnerable, as hotel owners may unknowingly open malicious attachments in an effort to assist guests.

To mitigate these risks, Wilking advises travelers and hosts to adopt two-factor authentication (2FA), which adds an extra layer of security by requiring a secondary verification method, such as a one-time code sent to a mobile device. Despite the initial inconvenience, 2FA is a robust defense against phishing and credential theft.

Wilking also cautioned against clicking on suspicious links or attachments, urging individuals to contact the property or customer support directly if there’s any doubt about the authenticity of a message.

Booking.com and other major companies are leveraging AI to combat these threats, employing models to detect and block fake properties designed to scam users. For instance, AI can identify fraudulent listings, such as an unusually cheap property in the Swiss Alps, and remove them before any bookings occur.

Additionally, travel sites are witnessing an increase in cyber activities by suspected state actors, particularly from Russia and China, who aim to gather intelligence or disrupt operations. Wilking noted that high-profile targets, such as hotels frequented by US senators, are particularly attractive to these actors.

[source]

Author: Terry KS

Share This Post On