Holidays with Booking.com: Beware of New Scams with Fake Listings
Be careful when you book hotels on Booking.com! The popular platform has seen a rise in fake listings, with ChatGPT and other AI tools deceiving users.
If you're looking to travel this summer, you might use travel websites like Trivago, Booking.com, AirBnb, and Kayak to book your stay. These platforms are very convenient, but beware of a recent surge in scams.
Summer is a prime time for fraudsters, who become more active and creative in targeting tourists looking for good deals. Criminals exploit this be creating fake holidays with irresistible offers and big discounts to lure victims. Due to their popularity and large user base, online booking platforms are regular targets.
Booking.com, a well-known hotel booking site, has raised concerns about the increase in scams, especially phishing attacks. "In the past year and a half, across all industries, we've seen a 500 to 900% increase in attacks, especially phishing, worldwide," said Marnie Wilking, Chief Information Security Officer at Booking.com, during the Collision technology conference in Toronto. This increase is partly due to cybercriminals' use of ChatGPT, which has noticeably increased since the chatbot's release.
Phishing involves stealing identities or confidential information (like access codes, personal data, and bank details) through deceit, often via a link in an email. Using generative AI tools, scammers "mimic emails far better than they ever have before," allowing them to operate in multiple languages and improve their spelling and grammar, avoiding the mistakes that typically reveal fraudulent emails.
Scammers also contact hotels directly, posing as customers through emails with infected attachments, aiming to compromise the hotel's servers.
To protect yourself from these scams, activate two-factor authentication when registering on the platform. This adds an extra layer of security by requiring you to validate your identity with a one-time code sent to your smartphone or generated by an authentication app, in addition to your username and password. Also, use common sense: if a link seems suspicious, don't click on it. If in doubt, call the establishment directly. And as the old adage goes... if it looks too good to be true, it probably is.