Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Booking.com has reported a 500 per cent increase in holiday scams and warns that fraudsters are using increasingly sophisticated tactics
Will 2024 go down as the year of the holiday scam? Earlier this year, Booking.com gave perhaps the most dramatic warning to date about the deluge of tricksters preying on travellers, claiming it had seen a 500 per cent rise in crimes.
These holiday scams aren’t the kind of taxi swindles that fool tourists who have just landed in an unfamiliar country. Instead they target people who are looking to their next getaway, potentially taking them for thousands of pounds and ruining their holiday before it begins.
What is driving this crimewave? Experts at Booking.com have pointed a finger at the rise of AI, which they say is allowing fraudsters to develop fake adverts and phishing emails in a matter of seconds.
How do these very modern scams operate and what can you do to avoid falling for them? Here’s how you can stay safe from scammers in the age of AI.
By all reliable accounts, very. Lloyds bank has reported a 7 per cent increase in customers falling victim to holiday scams. They say that the vast majority of the frauds start on social media or on established travel platforms such as Booking.com, Expedia or Airbnb.
A 7 per cent jump might sound less dramatic than Booking.com’s 500 per cent rise, but remember that Lloyds is only reporting on those customers who actually fell for the scam. Many others will have been targeted.
Furthermore, industry data suggest that these kinds of scams can be highly lucrative for criminals. According to fraud reporting service Action Fraud, victims lose an average of £1,851 each time.
According to the experts, most holiday scams, whether AI-driven or otherwise, will fall into one of two models.
The first one is the old “too good to be true” trick, in which fraudsters use a fake advert to “sell” you something that doesn’t really exist. It’s a practice that’s been around for decades, but has seen a resurgence thanks to the rise of holiday platforms including Airbnb and Vrbo.
These platforms are highly-trusted and have millions of users. But they also rely on users to post adverts for their holiday lets, meaning that – in theory – scammers can take advantage by posting fake ones.
Reviews, verification and reporting make this much less likely, but it certainly doesn’t stop unscrupulous types trying. Airbnb says it removed 59,000 fraudulent listings last year, equivalent to just under 1 per cent of all the homes listed on the site.
Fake listings often pop up on these kinds of platforms during periods of ultra-high demand. Earlier this summer, for example, London councils warned about a proliferation of scam apartments being advertised around the dates of Taylor Swift’s Wembley shows.
The second model is the phishing scam, where fraudsters pretend to be a legitimate business (typically one that you already deal with) in order to extract your payment or password details.
Many of us have had fake texts about “Amazon” deliveries. But running a phishing operation for holiday deals can be trickier, as fewer people will use the particular airline or hotel in question – meaning that the scammers have to be more strategic.
For example, the fraudsters appear to be imitating popular hotel chains such as Premier Inn. In response, Premier Inn has published a page on its website telling you how to check that an email claiming to be from them is genuine.
In one particularly sophisticated scheme, fraudsters have used phishing emails to get the details of individual hotels on Booking.com and then used their profiles to extract money from legitimate customers.
Earlier this year, a number of Booking.com customers said they had been contacted through the website’s messaging system and told that their payment had been declined and that they needed to transfer money to keep their reservation.
Booking.com denies that its security has been compromised. But it does admit that certain users (ie hotel owners) are likely to have fallen for phishing scams, potentially giving criminals access to their accounts.
AI has been called the biggest productivity increase of the modern era. And this high praise has not gone unnoticed by scammers.
Booking.com’s security experts say they have seen a massive proliferation in phishing emails since the release of ChatGPT, the popular AI interface that can generate content in seconds.
Fraudsters can use these kinds of tools to pump out hundreds of realistic adverts or phishing emails on demand.
For example, it took me less than one minute to get ChatGPT to draft me a template email, written as if it had come from a hotel platform, informing a customer that they needed to resend their credit card details.
It then took another minute to generate a well-written advert for a fictional holiday let in Fitzrovia, with ChatGPT able to fill in accurate details about the local area. Both templates were clear, professional and very persuasively written.
That’s a big problem, given that scam experts have traditionally highlighted badly-written text as a giveaway that an advert might not be genuine.
Unfortunately, there are no quick fixes. Instead, most experts tend to stress one tip: do your homework.
“Whilst legitimate cheap flights and beautiful holiday homes are definitely out there, it’s important that people take steps to ensure they are purchasing something that’s real,” says Liz Ziegler, a fraud prevention lead at Lloyds.
As for spotting phishing emails, you should always look very carefully at the email address itself, as well as any links included. If you have the slightest doubt, you can always contact a booking platform or hotel directly (through their website or call centre).
Both Booking.com and Airbnb insist that users should keep all communications and payments on their platform. If a hotel or host wants you to pay directly, you should report it as a potential scam.
All of the travel platforms mentioned say they are doing what they can to remove scam ads as quickly as possible.
Airbnb says it is also looking to use AI to help find fraudulent listings. It also has a new verification process so hosts can prove their property exists and is in the location they claim it is.
When I asked Booking.com what it was doing about the problem of its partners being targeted by phishing emails (allowing fraudsters to access their account) they told me: “Phishing attacks by professional criminals pose a significant challenge for travel and many other industries. While not unique to Booking.com, we continue to invest significantly to limit the impact of scams, using the latest technology and innovations.”
“Contact your bank as soon as possible,” says Liz Ziegler from Lloyds. She adds that your position is stronger if you paid using a debit or credit card, as there are means to challenge the payment.
If you have transferred money to a scammer directly, it may be more difficult. Most high street banks have signed up to a voluntary code to reimburse customers, but they can still reject your request if they feel you were not careful enough.
If the scam involves a travel platform, you should also contact them as soon as possible – not least so they can close the fraudsters’ account and protect other people.
Recommended