Holidaymakers in France hit by huge surge of online crime aided by AI

Online phishing scams have increased by up to 900% in the past 18 months, a hotel expert warns

A graphic of a man creating a phishing scam on a computer
“Scammers are using AI to launch attacks that mimic emails far better than anything they've done before,” says head of security at Booking.com
Published

Holidaymakers in France have been warned to stay alert over increasing cases of online fraud and scams, which has been partly facilitated by the rise in artificial intelligence (AI).

People in France (and further afield) should be on the lookout for scams that have been ‘improved’ in their effectiveness by AI, making them more convincing and difficult to spot, warned Marnie Wilking, top security officer at hotel platform Booking.com.

In an interview with AFP, Ms Wilking said that generative AI (such as that used by the ChatGPT tool) has led to an explosion in phishing scams within the hotel sector.

What is phishing?

Phishing is the theft of identity or confidential details via a link, usually in an email or text, which takes victims to a fraudulent webpage that looks very similar (if not identical) to a genuine site, for example, a bank or a hotel booking homepage.

The aim is to trick the victim and get them to enter their details on the site, which can then be stored by scammers.

"Over the last year and a half, across all industries, there has been a 500% to 900% increase in attacks, particularly phishing attacks, worldwide,” said Ms Wilking, adding that "the increase began shortly after the launch of ChatGPT”.

Read also: ‘Smishing’: Warning over this common scamming trick in France 

How does AI help make scams more convincing?

ChatGPT is a free AI tool that generates text based on simple prompts. Although it – and other AI tools – are designed to be used genuinely, fraudsters can use it to help write scripts or convincing emails for their scam attempts.

For example, they can use it to write emails in several languages, with better grammar and spelling than they could achieve without the use of AI. 

The emails may also be written more convincingly, tempting people to open the attachment or link included. 

This can then either lead to a phishing attack, or to malware being installed on the victim’s device, which can capture their data or sell them fraudulent software later.

“[Scammers] are undoubtedly using artificial intelligence to launch attacks that mimic emails far better than anything they've done before,” said Ms Wilking.

Hotel owners, managers, and guests may be particularly susceptible to these scams, as they are paying relatively large sums of money for accommodation, and/or include personal data and payment details on booking and confirmation forms.

Read also: Bank call scams: why more people are being caught out in France 

Read also: Seven much-used scams to watch out for in France 

How can I avoid being taken in by these scams?

The internet security expert warned hoteliers and guests to never “click on anything that looks suspicious” and "if you have any doubts, call the [hotel] property, the hosts and/or the customer service" before you enter any data or details, she said.

Another way to avoid these scams is to set up two-factor authentication on your device for common accounts. 

This means that as well as a username and password, you also need a code sent to a separate device (usually your phone) to log in to a given site, or make payments online.

Most websites and payment portals will enable (and encourage) you to set up two-factor authentication for added security.

"I know it can be a bit of a pain to set up,” said Ms Wilking, “[But it] remains by far the best way of combating phishing and the theft of identification data.”

Even if you think a message could possibly be genuine, it is best to err on the side of caution, and keep to the following advice:

  • Never click on a link sent in a text message

  • Instead, navigate to the website manually in a separate browser, and check the URL carefully

  • Do not enter your payment details on a website sent by SMS (text message)

  • If in doubt, do not click or fill in any forms or pay any money, and contact the relevant authority, agency, or company first

If you think you have fallen victim to a scam, call your bank, and report it to this government website.