Cyber Threats Escalate in Global Travel Industry
Andersen Cheng, CEO of cybersecurity firm Post-Quantum, takes no chances when booking travel—manually entering URLs, avoiding Google links, and never storing card details. While his caution stems from a professional mindset, his behavior reflects a growing need for vigilance as cyber threats surge in the travel industry. With online travel agencies and hotels facing increasing scams, experts warn that advancing technologies are fueling attacks that could pose an existential risk in the near future.
Phishing scams are among the most prevalent threats. According to Adyen’s Hospitality Report 2024, 71% of travelers are concerned about booking fraud. In the UK, Airbnb reports credit card and phishing scams are rampant, costing victims an average of £1,937. Many of these scams are now powered by artificial intelligence, with nearly two-thirds of adults unable to spot AI-generated fake property listings. Booking.com reported up to a 900% increase in phishing attacks in the past year due to AI’s capabilities.
Common vulnerabilities like Cross-Site Scripting (XSS) and open redirect flaws remain easy targets for attackers. These flaws often go unchecked in complex travel tech systems and booking flows. HackerOne and the Identity Theft Resource Center both report a rise in breaches stemming from outdated or insecure systems. Meanwhile, incidents of fraud through fake hotel listings and hacked accounts have prompted alerts from UK’s Action Fraud and consumer watchdogs.
Third-party platforms and affiliate integrations introduce more risk. Social media campaigns and multi-vendor booking systems often expand the “attack surface,” making it easier for cybercriminals to gain access to customer data. A 2023 breach involving Caesars Entertainment began with a social engineering attack on a third-party vendor, leading to a $15 million ransom. Open redirect vulnerabilities also surged 92% last year due to marketing-heavy link usage across platforms.
More sophisticated threats are emerging as well. Cheng warns of the looming impact of quantum computing, which could render today’s encryption obsolete. His company, Post-Quantum, is developing future-proof cybersecurity solutions, including decentralized identity systems that rely on attestation rather than traditional authentication. He argues this method limits the ability of hackers to assemble complete user profiles, making attacks harder to execute.
Booking.com emphasizes its investment in AI and machine learning to detect fraud early and educate customers on staying secure. Still, the industry’s fragmentation and fast pace of tech adoption leave gaps. Cheng, along with other experts, highlights that even the most advanced tools are ineffective without well-informed users and staff. Many breaches begin with simple phishing attacks where hotel employees fall for spoofed login pages found through search engines.
Cybersecurity failures can be costly. Marks & Spencer lost £1 billion in value after a ransomware attack in April, and construction firm Arup lost $25 million in a deepfake scam. In travel, such losses are compounded by reputational damage and eroded trust. Experts say the best defense includes not just robust systems but also continuous education for both employees and consumers to guard against evolving digital threats.
Related news: https://airguide.info/category/air-travel-business/artificial-intelligence/, https://airguide.info/category/air-travel-business/travel-business/