Look Out for AI Booking Scams

Look Out for AI Booking Scams

As you trawl your favorite travel apps for the best deals, know that you’re not alone; online scammers are also searching—for you. Cybersecurity experts say that adopting a healthy amount of skepticism while shopping for deals can help to fend off would-be scam artists. That may mean changing some of your online habits, but as famous author and skeptic Isaac Asimov wrote in his novel The Naked Sun, “Victories over ingrained patterns of thought are not won in a day or a year.” It may require time, trial, and a few errors to fight online criminals effectively, but knowing what you’re up against is half the battle.

We’re here to help you understand what you’re up against and what you can do to protect yourself.

The Anatomy of a Travel Scam

Here’s how the grift works: Scammers lure victims by posting fake ads on vacation rental sites using stolen or AI-generated media. The ads often show deeply discounted prices for accommodations in popular vacation hotspots. Clicking on a link in the listing may send you to a fake booking website that infects your device with malware or simply collects your banking details and other personal information. By the time you arrive at the address for your supposed vacation, the scammer is long gone.

According to a May 2024 report from cybersecurity vendor McAfee, online travel scamming is big business. One in three survey respondents said they’d been caught in a travel-related scam, and almost a quarter of them lost more than $1,000 in a single scam.

Earlier this year, I interviewed Abhishek Karnik, McAfee’s head of threat intelligence research. During our conversation, Karnik told me that scamming is built on social engineering, and the best social engineers know how to quickly and seamlessly elicit trust from their targets. He recommends maintaining a base-level of skepticism when browsing online. Karnik also warned that generative-AI powered software adds a new, somewhat scary obstacle when dodging scammers online.  

“In today’s day and age, seeing and hearing is not believing in many cases,” said Karnik. That’s because new tools powered by generative AI can create a deepfake of a person using just a photo, a short video clip, or a few minutes of audio.

AI-Powered Apps Make Creating Deepfakes Easy

I also met with Ben Jacob, a senior security researcher at SecureWorks. He and his team showed me how to use free or inexpensive generative AI tools to create video and voice deepfakes. In the demonstration, Jacob only needed a short video clip taken from his company’s YouTube channel to produce an audio clone of himself. Inputting a three-minute video sample produced a believable deepfake of Jacob’s voice, complete with a slight French accent.

Scammers can use real people’s photos, videos, and voices to help make their crimes more believable. “Everybody has a Facebook profile with pictures that can be animated,” Jacob said. “People have videos on YouTube or even LinkedIn profile photos. It should be concerning for everybody.”

How Generative AI Complicates Scam Spotting

According to the McAfee report, the most common scams reported by travelers involve stolen credit card or banking details after entering the information on a fake website, clicking on phishing links, or encountering fake vacation destination photos. Criminals can whip up fake websites, fake accommodation photos, and even fake travel agents easily using third-party tools that operate without the content generation restrictions imposed by OpenAI or Microsoft.

Other data in the McAfee report reflects public concerns about tech-assisted scams. Over half (57%) of Americans surveyed said they worry about scams enhanced using AI and deepfakes. A third of the respondents said their trust in planning and booking vacations online decreased.

I asked Karnik what cybersecurity industry leaders can do to fight the growing scam problem online, and his suggestion was simple: “You have to use technology to help you. In our world, we are using AI to fight AI.” He noted that his company is adding AI features to its security tools that humans can use to fend off clever social engineering scams.

Stay Vigilant While Making Summer Travel Plans

Ultimately, it’s up to all of us to protect ourselves, and working vigilance into your online routine may be a good place to start. “It’s important to strike a balance between the excitement of planning and the need for caution,” said Karnik. He suggests using a password manager to store your login information for every website, examining the website address bar to verify you are booking with a legitimate company, doing a reverse-image search for listing photos on vacation booking sites, and reading reviews of the property or website before booking.

The Best Password Managers

Another defense strategy is to become familiar with common social engineering tactics. Romance scammers and tax season scammers are great at using high-pressure sales tactics and luring in people by being overly affectionate or overly familiar with their targets while offering deals that are too good to pass up (and also too good to be true).

Embrace your inner skeptic, even if it dims your optimism a little. If a deal seems too good to be true, keep scrolling. If your gut tells you something is wrong with a vacation listing, or that the voice of the salesperson on the phone doesn’t sound quite right, or that the syntax of the text you received doesn’t make sense, don’t ignore that feeling. The experts I spoke to agreed that slowing down and listening to your intuition while shopping online for travel deals can help you avoid sneaky social engineering strategies.

Originally Appeared Here