Summer is a popular time for vacation travel. If you’re looking to squeeze in any last-minute travel, there is a scam circulating that you need to be aware of. As costs for everything from food to travel continue to increase, the logical step is to search for the best deals online to book a memorable trip without breaking your budget. According to Booking.com, cybercriminals have decided to capitalize on this need and are now using one scarily convincing, AI-generated phishing e-mail that can cost victims way more than their vacation fund. Booking.com’s CISO, Marnie Wilking, shared that the organization has seen a 500% to 900% increase in travel-related scams in the past 18 months using this malicious tactic.

How are these scammers doing it? Phishing e-mails have existed since the dawn of the Internet, but AI tools like ChatGPT are making it increasingly easy to create realistic and professional scam e-mails that are more likely to trick readers. In the past, phishing e-mails were riddled with red flags such as spelling and grammatical errors. With the rise of AI, it’s easier for cybercriminals to pump out dozens of seemingly legitimate e-mails that often go undetected by software and readers.

Here’s how they work:

Scammers will use sites like Booking.com or Airbnb.com that allow people to list their places as short-term rentals. The scammers send out e-mails offering incredible rates or time-sensitive deals on nonexistent properties. After someone pays, the cybercriminals will either disappear with the money, leaving the renter without a place to stay, or use follow-up e-mails to collect additional “fees” or “charges” before vanishing.

To be clear, these vacation-focused phishing scams are NOT new. The problem now is that, with AI, more people are falling for them because these e-mails are becoming more convincing.

What can you do?

Vacationers can take several key steps to ensure they’re not being duped.

  1. Use two-factor or multifactor authentication, where applicable. Having a confirmation code sent to your phone every time you log in will help prevent phishing attacks and credential theft.
  2. Avoid clicking on e-mail links. If you receive an e-mail promoting a too-good-to-be-true deal, remember, it is likely too good to be true! Go to the website and search for the special. If you can’t find it, there is a chance you will avoid a scam.
  3. Before booking ANY property online, make sure contact information and reviews are readily available. Have other verified users stayed at the property? If so, it’s less likely to be a scam.
  4. Use credit cards for online purchases. Using debit cards that are linked directly to your bank account is dangerous. When theft occurs from your debit card, it is difficult to get your money back – if you get it back at all. Using a credit card provides an additional layer of protection.

The most important thing is to stay vigilant. Analyze every e-mail offer you receive and follow cyber security best practices. Standard security software can help detect some of these scam e-mails, but often not all of them, so it’s important to be cautious and look for red flags.

Personal scams may ruin a vacation, but business breaches can cost you and your family their livelihood. To keep your network secure, call us at 281-367-8253 or click here to book a FREE 15-minute discovery call with our cyber security experts, who can help you create a plan that protects you. We are here to help! Enjoy a well-deserved break this summer, and remember to be cybersmart.