AI seems to be everywhere these days, and the use of technology to raise the game with travel scams is no exception to making it more persuasive and difficult to detect.
It is important to know that business travelers are the most vulnerable, as “corporate travel managers play a key role in protecting travelers.”
“AI is no longer just targeting computer systems, it’s now used to manipulate people and target them directly,” Harrison said. “It’s a major change in travel risk.”
Business travelers are particularly vulnerable when they are in emergency or stressful situations, such as airports being closed or flights being cancelled. Deepfakes may include audio and video manipulation. “And it’s used to mimic real customer service agents, colleagues, or senior executives,” Harrison said. “Utilizing psychology, AI-driven fraud is effective because it causes fear of authority, urgency and loss.”
Signs of trouble
Business travelers should be aware of the following common fraud methods that make artificial intelligence easier to implement and more reliable for travelers who are not trained to do so:
Deepfakes: A message that pushes a sense of fear and urgency, even from “people” travelers know. These may also include unusual requests and methods for payment or cash transfers. “Mirror” Website: Creating a website using AI that looks similar to known travel supplier sites is easy. Compliance to use a dedicated corporate booking tool can avoid this risk. Scam Agent: Travelers should know their usual corporate travel process and partners. Requiring a call or interaction to an unfamiliar platform from a “travel agent” is a red flag. Even requests to update payment methods may be suspicious.
The con man said he knew business travelers would go from Washington, D.C. to Doha, Southeast Asia, he said. The flight has just landed in Doha and travelers receive a message that their connection flight has been changed. The scammer says, “You need to reserve a seat now.” And it’s hard to find that subtle contradiction, as Harrison could have had a bit of a language barrier that he added. “The next thing you know is you think you’re booking your seat on the next leg aircraft, and you’ve just been scamed.”
Another example: Most people have not received a message saying, “Hey, I lost my credit card. Can I transfer the money?” Harrison explained, saying the average person would question it. “But if you’re in a smaller mom and pop environment, or if you’re getting a panic call from someone nearby, you’ll probably act on it (you think) because they need help.”
Harrison recently broadcast a situation in which an organization focused on cyber threats took screenshots and audio clips from an interview they conducted two years ago, creating a 25-second video of Harrison talking about travel risk management. “It was very persuasive and sounded better than I was now,” he said.
Harrison said there are also virtual invitations. Assuming that the management is on a business trip and after being dropped off at the airport, the family member will receive a call from an executive saying they were invited and will have to transfer the money to a specific account. Family wires money. However, the executives are in flight and when they land, they contact their families to let them know that they have arrived.
“AI is no longer just targeting computer systems. It is now used to manipulate people and directly target them. It’s a huge change in travel risk.”
Frank Harrison of World Travel Protection
“They’ve freed you,” and the person said, “What are you talking about?” “Harrison added that these scammers prefer to use offshore bitcoin accounts, so it’s not possible to run. “It’s very effective and it’s getting very elaborate. We now need to start training travelers, identifying the risks associated with deepfakes and identifying ways to deal with them effectively.”
The more vulnerable travelers are those who don’t use corporate booking tools or travel management companies and instead decided to book directly with suppliers, but Harrison said there are fake websites that look like real companies.
“I think you just went to their website to rent a car, and you really don’t pay attention to the logo or URL, and you book a car,” he said. “But the next thing you know is that your corporate credit card has reached its peak as you entered a phishing site where you got your financial details.”
“People said that at least six different events like that happened when they were in Denver for the recent Global Business Travel Association convention where people thought they were on a legal airline page or a legal car rental or hotel (site).
Train for warning signs
The best thing a corporate travel manager can do is to look at how they structured their travel programs and how they integrated and interacted with TMC and all the different vendors. He also said, “If you see a contradiction or a deviation from the normal travel and booking process, it is a red flag.
Maintaining and sharing your approved contact list and making it easy to access, Harrison said. And “regular training helps travelers recognize and validate legitimate requests, whether it’s a travel policy, company app, or wallet card.”
“As soon as there is a contradiction, it’s where you have to stop and don’t experience what’s urgently engaging your travel manager in your IT team and potentially it’s an attack,” he said.
Another warning sign is the unusual request for a traveler’s payment method that does not involve an actual corporate credit card, Harrison said. “You may receive a request that they want you to transfer the money to your account, or they give you a digital number to send the money. It’s a red flag.”
Additional signs are if you are asked by the TMC for credit card details. “They already have it,” Harrison said. “Or you’re getting a call from someone posing as a representative of a travel agent or airline, and they want to call another platform or space you’ve never heard of before. You’re redirected to an environment that controls you, your device, your information.”
“If that’s off the norm, don’t do it,” Harrison said.
