AI-related travel scams | The Booking site sounds the alarm

(Toronto) As the summer holidays dawn, the head of internet security at the Dutch hotel reservation platform Booking recommends being wary of scams carried out using powerful artificial intelligence (AI).


Marnie Wilking, head of information security at Booking, believes that generative AI has caused an explosion in phishing scams and that the hotel and restaurant sector , long spared, has also become a target.

“For a year and a half, all industries combined, we have seen an increase of 500 to 900% in attacks, particularly “phishing”, throughout the world,” says M.me Wilking to AFP on the sidelines of the Collision technology conference in Toronto.

PHOTO COLE BURSTON, AGENCE FRANCE-PRESSE

Marnie Wilking, Head of Information Security at Booking

“Phishing” consists of the theft of identity or confidential information (access codes, bank details, etc.) by subterfuge, via a link contained in an email.

An authentication system is simulated by a malicious user, impersonating official bodies, such as banks, delivery platforms or customs authorities.

The objective is to convince the victim to visit the fraudulent site – which resembles the authentic site – so that they enter confidential information.

Travel websites can be a goldmine for phishing scammers, as travelers often need to provide credit card details or upload identification.

If phishing already existed through email, this expert notes that “the increase began shortly after the launch of ChatGPT”, at the end of 2022, which generates content on a simple request in everyday language.

Hackers are “undoubtedly using artificial intelligence to launch attacks that imitate emails much better than anything they have done so far,” said Ms.me Wilking.

Thanks to generative AI tools, scammers can now work in multiple languages ​​and with better grammar than before, says Mme Wilking.

As a favor to a so-called guest, a hotelier will likely “open the attachment,” which is actually malware, that “takes advantage of the helpful nature” of the industry.

“False properties”

To stay safe, travelers and hosts should sign up for two-factor authentication when surfing the internet.

In addition to providing a username and password, two-factor authentication requires users to verify their identity through an additional factor, such as a one-time code sent to their mobile device or generated by an authenticator application.

“I know it can be a little painful to set up,” admits this expert, believing that this additional step “remains by far the best way to fight against “phishing” and the theft of identification data.”

“Don’t click on anything that looks suspicious” and “if you have any doubts, call the property, hosts and customer service,” she advises.

For Marnie Wilking, the Booking site and other major players in the sector are cooperating closely by relying more and more on AI in this fight, which contributes, for example, to thwarting the proliferation of false properties on platforms published in a price well below the market.

“We have set up artificial intelligence models to detect these scams and either prevent them from the start or remove them before there are any reservations,” explains this woman with round colored glasses.

Still marginal for the moment, travel sites have seen a proliferation of alleged state actors – believed to be Russia and China – accused of carrying out malicious acts online or spying on customers.

“Why would a nation state go after a hotel chain? If it’s a hotel chain that he knows is frequented by a US senator, why wouldn’t he go after her? », she points out.


source site-50

Latest