AI is helping drive a new wave of scams, with Booking.com reporting a 900% increase in those targeting the travel industry.
Scammers have long used phishing techniques to steal from unsuspecting members of the public, who are led to believe an email purporting to be from their bank is the real deal – even though it isn’t.
However, generative AI tools such as ChatGPT have made this easier than ever for the cybercriminals, who can instruct the technology to write them authentic-looking email content with just a few simple prompts. In such well-written, error-free content there are fewer red flags alerting recipients to the fact that the email may not be quite as it seems.
Head of internet safety at Booking.com, Marnie Wilking, told the BBC: “Of course, we’ve had phishing since the dawn of email, but the uptick started shortly after ChatGPT got launched.
“The attackers are definitely using AI to launch attacks that mimic emails far better than anything that they’ve done to date.”
She added that Booking.com itself had seen anywhere between a 500 to 900% increase in travel scams over the past 18 months.
The site – along with others such as Airbnb – is particularly vulnerable as it allows people to list their own places to stay, instead of simply featuring larger and more reputable hotels.
Scammers typically list a place to stay, then vanish without trace once they have received payment, or in some cases try to take even more money with follow-up emails and messages. The victim only then realises they have been scammed when they arrive at their destination without a legitimate reservation (and in some cases where the property advertised doesn’t even exist).
Wilking called on others within the tourism industry to put measures in place to better protect consumers, such as two-factor authentication which requires a confirmed address or landline number before accommodation can be listed online. Such measures, she said, were “the best way to combat phishing and credential stealing.”