Safeguarding Against AI-Driven Travel Frauds This Eid
Eid al-Fitr is still on going and many Malaysians will make travel plans to reconnect with friends and family after the Ramadan fasting period. This however is also a period that threat actors will exploit for opportunistic gains. After all, who can resist the bright allure of vacation deals and online travel discounts?
At Palo Alto Networks, we have seen evidence that adversaries have already begun to experiment with and leverage AI in their attack methods1. This Eid, threat actors will seize on the demand for travel deals and tickets to unleash a flurry of AI-driven scams, particularly through social engineering and phishing. In 2023 alone, over RM1 billion was lost to scams and scam ads according to PDRM.
One prevalent scam that Malaysian travellers need to watch out for is AI-generated fake travel deal promotion. Cybercriminals have leveraged the prevalence of gen AI to produce extremely realistic emails, texts and social media posts at scale, advertising too-good-to-be-true travel package offers that appear to come from major airlines, hotel brands or online travel agencies.
For example, you might receive an email claiming to be from a popular Malaysian travel site advertising a luxurious 6-night stay at a 5-star resort in Bali for only RM500 – including flights. The compelling ad copy, familiar branding and formatting could easily fool people into clicking through to a rogue site designed to steal payment details and install malware.
Another scam that employs AI-generated deepfake audio or video to power social engineering attacks exploiting fears around travel emergencies and crises. Using sophisticated voice cloning and facial mapping, scammers can create fake videos of loved ones claiming to have been mugged, injured or arrested while travelling abroad. They then make urgent pleas for money transfers to pay for emergency expenses.
You could receive a distressing video call that appears to show your parents or siblings claiming their passports and belongings were stolen. With the realistic deepfake audio and video, it’s understandable that panicked victims might quickly transfer money to the provided account before identifying the deception.
Smishing attacks represent another growing travel threat to be aware of. With smishing, you receive AI-crafted SMS messages about fake flight cancellations, schedule changes or new travel fees that must be paid. The context-aware language models allow these messages to be precisely personalized with details like your name, flight numbers and travel dates to heighten authenticity. The malicious link directs users to a phishing site aimed at harvesting login credentials for account takeover fraud.
Here are some essential tips to protect yourself from these sophisticated scams this Eid:
-
Be extremely cautious of any unsolicited emails, texts or calls regarding travel deals, cancellations or emergencies – even if they appear to be from legitimate companies you know and use. Verify directly through official websites and customer service channels before taking any action.
-
Never click on links or attachments from unknown senders or suspicious messages. Doing so could install malware and compromise your device. Bookmark travel providers to ensure you’re accessing their real sites.
-
When booking travel, always use reputable providers and be wary of websites with strange URLs or messages urging you to bypass payment portals and transfer money directly.
-
Enable multi-factor authentication on all accounts to prevent unauthorized access and account takeover attempts. Use unique passwords for different sites.
-
Use a reputable VPN service when connecting to public WiFi while travelling to prevent eavesdropping and man-in-the-middle attacks.
While AI can significantly enhance products and services, it is increasingly being weaponized by malicious actors in sophisticated ways. As AI capabilities continue to advance, we can expect to see more convincing travel scams emerge.
Sarene Lee, Country Manager, Malaysia at Palo Alto Networks, said, “People’s constant search for good-for-value travel deals creates a vulnerability that scammers will exploit. Let’s not also forget that the travel industry is a treasure trove of sensitive customer data and data is a currency that bad actors are extremely attracted to. While consumers need to stay vigilant to scams, travel companies equally should stay abreast of adversaries by preparing for zero-day attacks.”
At Palo Alto Networks, we are committed to raising cybersecurity awareness and sharing best practices to help Malaysian consumers and businesses defend against the latest AI-fueled threats. Stay vigilant this festive period and enjoy safer Eid celebrations with friends and family.