The hotel booking platform warns against the use of ChatGPT by scammers to scam customers and hoteliers alike.
As the summer holidays dawn, the head of internet security at the Dutch hotel reservation platform Booking recommends being wary of scams carried out using powerful artificial intelligence (AI).
Marnie Wilking, head of information security at Booking, believes that generative AI has caused an explosion in phishing scams and that the hotel and restaurant sector , long spared, has also become a target.
“Over the past year and a half, all industries combined, we have seen an increase of 500 to 900% in attacks, particularly phishing, around the world,” Marnie Wilking told AFP on the sidelines of the Collision technology conference in Toronto.
“Phishing” (or “phishing”, in French) consists of the theft of identity or confidential information (access codes, bank details, etc.) by subterfuge, via a link contained in an email.
ChatGPT used by scammers
An authentication system is simulated by a malicious user, impersonating official bodies, such as banks, delivery platforms or customs authorities.
The objective is to convince the victim to visit the fraudulent site – which resembles the authentic site – so that they enter confidential information.
Travel websites can be a goldmine for phishing scammers, as travelers often need to provide credit card details or upload identification.
If phishing already existed through email, this expert notes that “the increase began shortly after the launch of ChatGPT”, at the end of 2022, which generates content on a simple request in everyday language.
Hackers are “undoubtedly using artificial intelligence to launch attacks that mimic emails much better than anything they’ve done before,” said Marnie Wilking.
Thanks to generative AI tools, scammers can now work in multiple languages and with better grammar than before, according to Marnie Wilking.
As a favor to a so-called guest, a hotelier will likely “open the attachment,” which is actually malware, that “takes advantage of the helpful nature” of the industry.
To stay safe, travelers and hosts should sign up for two-factor authentication when surfing the internet.
In addition to providing a username and password, two-factor authentication requires users to verify their identity through an additional factor, such as a one-time code sent to their mobile device or generated by an authenticator application.
“I know it can be a little painful to set up,” admits this expert, believing that this additional step “remains by far the best way to fight against phishing and the theft of identification data”.
“Don’t click on anything that looks suspicious” and “if you have any doubts, call the property, hosts and customer service,” she advises.
For Marnie Wilking, the Booking site and other major players in the sector are cooperating closely by relying more and more on AI in this fight, which contributes, for example, to thwarting the proliferation of false properties on platforms published in a price well below the market.
“We have artificial intelligence models in place to detect these scams and either prevent them from the start or remove them before there are any bookings,” she explains.
Still marginal for the moment, travel sites have seen a proliferation of alleged state actors – believed to be Russia and China, accused of carrying out malicious acts online or spying on customers.
“Why would a nation state go after a hotel chain? If it’s a hotel chain that they know is frequented by a U.S. senator, why wouldn’t they go after her?”, she points out.
