(Toronto) As the summer holidays approach, the head of internet security at Dutch hotel booking platform Booking is warning people to be wary of scams using super-powerful artificial intelligence (AI).
Marnie Wilking, head of information security at Booking, believes that generative AI has led to an explosion in “phishing” scams and that the hotel and restaurant sector , long spared, has also become a target.
“Over the past year and a half, across all industries, we have seen an increase of 500 to 900% in attacks, particularly phishing, around the world,” Ms. Wilking told AFP on the sidelines of the Collision technology conference in Toronto.
“Phishing” consists of the theft of identity or confidential information (access codes, bank details, etc.) by subterfuge, via a link contained in an email.
An authentication system is simulated by a malicious user, impersonating official bodies, such as banks, delivery platforms or customs authorities.
The objective is to convince the victim to visit the fraudulent site – which resembles the authentic site – so that they enter confidential information.
Travel websites can be a goldmine for phishing scammers, as travelers often need to provide credit card details or upload identification.
If phishing already existed through email, this expert notes that “the increase began shortly after the launch of ChatGPT”, at the end of 2022, which generates content on a simple request in everyday language.
Hackers are “undoubtedly using artificial intelligence to launch attacks that mimic emails much better than anything they’ve done before,” Wilking said.
Thanks to generative AI tools, scammers can now work in multiple languages and with better grammar than before, Wilking said.
To help a supposed customer, a hotelier will “likely open the attachment,” which is actually malware, “taking advantage of the helpful nature” of the industry.
To stay safe, travelers and hosts should sign up for two-factor authentication when surfing the internet.
In addition to providing a username and password, two-factor authentication requires users to verify their identity through an additional factor, such as a one-time code sent to their mobile device or generated by an authenticator application.
“I know it can be a little painful to set up,” admits this expert, believing that this additional step “remains by far the best way to fight against “phishing” and the theft of identification data.”
“Don’t click on anything that looks suspicious” and “if you have any doubts, call the property, hosts and customer service,” she advises.
For Marnie Wilking, the Booking site and other major players in the sector are cooperating closely by relying more and more on AI in this fight, which contributes, for example, to thwarting the proliferation of false properties on platforms published in a price well below the market.
“We have artificial intelligence models in place to detect these scams and either prevent them from the start or remove them before there are any reservations,” explains this woman with round colored glasses.
Still marginal for the moment, travel sites have seen a proliferation of alleged state actors – believed to be Russia and China – accused of carrying out malicious acts online or spying on customers.
“Why would a nation state go after a hotel chain? If it’s a hotel chain he knows a U.S. senator frequents, why wouldn’t he go after her? », she points out.