AI-Driven Phishing Threatens Tourists, Warns Booking Executive

Generative artificial intelligence has triggered a surge in phishing within the travel industry, according to Booking’s Chief Information Security Officer, Marnie Wilking, as reported by International Business Times.

She urged travelers to exercise caution when booking hotels, as fraudsters may distribute malware through phishing emails.

“Over the past year and a half, the number of attacks, particularly phishing, has increased by 500-900% across all industries worldwide,” Wilking noted.

Malefactors became more active shortly after the launch of ChatGPT, discovering that AI can compose emails with high-quality grammar in various languages.

Clients of travel websites are attractive targets for scammers because they are often asked to provide credit card information, family details, or upload identification documents.

In one instance, a victim was offered to rent a non-existent property in the Swiss Alps for $200 per night, while similar properties cost $1000.

“Do not click on anything that looks suspicious, even if you think it might be real. If there is even the slightest doubt, call the hotel, owners, and support service,” Wilking advised.

She added that Booking and other major companies use artificial intelligence to combat fraudsters, helping to prevent the spread of fakes.

The Rise of AI-Driven Phishing

Security firm SlashNext reported that the number of phishing attacks via email increased by 856% over the past year, and since the launch of ChatGPT in 2022, by 4151%.

“A scammer can prompt AI to write an email very quickly and in any language at virtually no cost. You’ll see that they are written not only in English—I can write in multiple languages and address many people around the world in just seconds,” stated SlashNext CEO Patrick Harr in an interview with Decrypt.

Other Attack Methods

Previously, the SlashNext team investigated services available to cybercriminals and found that they can send hundreds of thousands of phishing SMS messages at a cost of $0.004 each.

According to Harr, “smishing” is becoming an increasingly popular and dangerous method of attacking mobile phones.

“Obviously, we’ve long moved to mobile communication, and people are used to using text messages, and bad actors always go where it’s convenient for you and try to interfere. We’ve seen changes in ‘smishing’ in that it’s no longer just ‘click here because your gift package is already on the doorstep,'” he noted.

Additionally, due to the popularization of QR codes during the COVID-19 pandemic, fraudsters are also using this technology to try to make potential victims pay for something, disclose confidential information, and passwords.

Juice jacking is another dangerous attack vector targeting travelers. The Federal Communications Commission of the United States highlighted in April 2023 that charging a phone at free stations with USB ports poses a risk.

Hackers can upload malware to such devices to gain access to gadgets for the purpose of stealing personal data or passwords.

In October, SlashNext found that since the launch of the ChatGPT chatbot, the number of phishing emails has soared by 1265%.

As reported by SlowMist, phishing is one of the main reasons for the loss of funds by cryptocurrency users.