Travel is something of an easy target for cybersecurity attacks due to the nature of hospitality—and artificial intelligence (AI) may be increasing the risk for travel brands.
“We are there to help serve people, and we want to help people. And so a lot of folks in the hospitality industry are trying to make sure that they're giving their customers a good experience,” said Marnie Wilking, chief security officer at Booking.com, during an onstage interview at Phocuswright Europe in Barcelona.
Subscribe to our newsletter below
According to Wilking, a scammer will pose as a customer and ask the hotel for help, eventually infecting their technology with malware or taking over accounts. Or, vice versa, a hacker will pose as a travel company reaching out for payment.
Interviewer Lorraine Sileo, senior analyst and founder of Phocuswright Research, said that because the hospitality industry is built on trust, it’s more susceptible to these attacks.
Wilking dove into the schemes the industry should be aware of, starting with a scam that feels as old as time—or at least as old as the digital age.
“Phishing has been around since the dawn of email,” she said, adding that she still has a Yahoo email from the late '90s and remembers the first time she receive spam and phishing emails.
“We've actually seen a rapid increase in phishing, depending on which research you look at. Some researchers will say it increased by 300%, some will say it increased by almost 1,000%—but since November 2022, it's increased significantly.”
ChatGPT is at the root of that spike, according to Wilking, who said that attackers can create more realistic phishing emails in multiple languages with fewer noticeable grammatical mistakes.
Another type of cyberattack, known as credential stuffing, has also increased, she said.
“The attackers farm all of those credentials—so the emails and the passwords that go with them—and they will sell them on the dark web,” Wilking said. “People tend to reuse passwords because passwords are hard to remember … but what happens then is the attackers take these credentials and then create scripts that go out to Amazon, Wayfair, Netflix, you name it, and just try to log in with this combination of email and password.”
There are a few other trends right now, too. Wilking pointed to nation state attacks, for example, which have traditionally involved espionage but now involve targeting smaller companies in order to reach larger companies that work with them.
As the list of threats grows, Wilking dove further into how to protect guests through prevention, detection and education. The wide-ranging conversation also touched on how AI is being implemented to combat cybersecurity attacks, tips for travelers and more.
Watch to the full conversation below:
Executive Interview: Trust, Threats and Technology—Securing Travel at Scale