AI travel scams surge 900% as scammers exploit deepfakes and fake booking sites to deceive travelers

How Scammers Are Using AI to Target Travelers

If you are planning spring or summer travel, you may want to slow down and pay close attention to the process. Scammers have a lot to gain by targeting travelers: The Federal Trade Commission tracked more than 58,000 reports of travel, vacation, and timeshare plan fraud in 2024 totaling $274 million in losses. And AI is helping them get away with it. Some of the most common travel scams involve impersonation: of people, brands, and listings. For example, fraudsters will post fake vacation rental listings and collect payment (sometimes by pressuring you to use wire transfers or peer-to-peer apps) and leave you stranded with no place to stay or stuck in accommodations way worse than what you booked and paid for. On the back end of a trip, a dishonest host may try to make fraudulent damage claims and pressure you into paying hundreds or thousands of dollars for something you didn't do. Scammers will also impersonate travel agents and booking platforms, allowing them to collect sensitive personal information and money before you clock the fraud. Booking.com is a common target for scams. Multiple campaigns have used a spoofed version of the site to spread malware -- another known as "I Paid Twice" targeted both Booking.com and Expedia. Other travel scams involve fake flight cancellation notifications (which direct you to rebook on a phishing website), fake customer service numbers promoted via both sponsored ads and legitimate business listings, and deals that are too good to be true. These days, even savvy consumers can fall victim to these travel scams. As travel expert and consumer advocate Christopher Elliott writes for The Seattle Times, AI has rendered traditional scam red flags practically obsolete. We can no longer rely on obvious grammar and spelling errors to differentiate between what's real and what isn't, as tools like ChatGPT and Gemini are capable of nearly flawless replication of human speech and generating authentic-looking content -- like photos, rental listings, and entire websites -- in almost no time. According to McAfee, one of the most common ways AI has changed the travel scam landscape is via voice cloning. Threat actors can make deepfake calls using just a few seconds of voice samples pulled from promotional material or customer service recordings. You may not be able to differentiate between a fake airline representative, hotel staff, or travel agent and a real one, and fraudsters use this to get everything from passport information to credit card numbers. AI also makes phishing attempts far harder to spot, as scammers can craft booking confirmations and other communication using authentic branding and perfect text. And fake booking sites (as described above), rental listings, and tour pages are nearly indistinguishable from real ones, thanks to AI-generated photos, videos, and reviews. Thankfully, AI hasn't eliminated every scam indicator. Urgency should always raise alarms, as scammers count on targets responding to demands before having time to think. If you're being pressured to provide information or pay money or book before a deal expires, it might be a scam. Slow down and verify before taking action. If you're asked to send money via crypto, wire transfers, gift cards, or apps like Venmo and Zelle, it's almost certainly a scam. Always book travel over trusted platforms using credit cards, which have fraud protection and can be tracked or disputed. If a customer service rep contacts you about your trip, ask them to verify your booking details before providing any additional information. If they cannot confirm things like your reservation number or card on file, they are likely not legitimate. If you're unsure, hang up and call the hotel, airline, or travel agent using contact information obtained from an official source. Finally, check travel websites carefully for subtle signs of a scam. Be wary of URL tricks like homograph attacks and typosquatting, which are used to spread malware. Legitimate businesses will also have contact information and privacy policies on their websites. Avoid getting to websites through search results and unsolicited emails and social media messages -- instead, go directly through trusted communication or type the correct URL into the address bar.

AI is making travel scams nearly impossible to spot. Here's what to do

Randy Rupp thought he'd seen it all. A retired federal law enforcement agent with years of experience spotting fraud, he and his wife, Becki, were planning a hiking trip to Italy's Dolomites. They'd booked their hotel in Bolzano months earlier through an online travel agency. Then came the WhatsApp message that nearly got them. The message appeared to come from hotel staff and included specific details about their booking. "It was very well written," says Becki Rupp, a travel coach who's helped countless clients navigate travel logistics. The scammer requested they reenter their credit card information through a provided link. Fortunately, a technical glitch saved them from getting ensnared. "The landing page for the confirmation wasn't working," she remembers. That technical hiccup prompted her to contact the hotel directly through its official website. And, as it turns out, there was no problem with their reservation. A new age of travel fraud The Rupps' close call illustrates a disturbing trend: Artificial intelligence is making travel scams nearly impossible to detect. Traditional red flags like poor grammar and obvious spelling mistakes have vanished, thanks to ChatGPT and Gemini. Today's AI-powered scams feature flawless language, authentic-looking websites and sophisticated social engineering that can fool even the most experienced travelers. "Travel scams have proliferated with AI," says Cayce Myers, a communication professor at Virginia Tech. "Scams play on urgency because people don't have time to think and reflect on whether this is a genuine interaction or something that is manufactured through AI." The numbers are staggering. McAfee reports a 900% surge in AI travel scams in the last year, with 1 in 5 Americans getting scammed while booking travel. Of those who lost money, 13% reportedly lost over $500, and 5% lost more than $1,000. How AI supercharges travel scams How are scammers using AI to deceive you? This list is long. Deepfake voice calls: Scammers now clone voices to impersonate airline representatives, hotel staff or even travel companions in distress. These calls often include real booking details stolen from data breaches. "But the rhythm or timing of the voice is usually off a little, or sounds a little too perfect," says Mike Engelhart, chief technology officer at iSeatz. AI-generated phishing: Gone are the days of obvious phishing emails. AI now crafts messages with perfect grammar and authentic branding that mimic legitimate travel confirmations. "AI technology can create messages that look very legitimate, without the errors you would normally expect," says Edward Tian, CEO of GPTZero. Fake booking sites: AI generates entire travel websites complete with stolen photos, fabricated reviews and cloned interfaces of legitimate platforms like Airbnb or Booking.com. AI-manufactured reviews and content: Fraudsters use AI to generate fake travel reviews or create social media personas offering discounted trips. Travel pictures and videos generated and edited using AI are used to lure people into paying for travel packages or tours that don't exist. These red flags still work Despite AI's sophistication, experts say certain warning signs remain reliable. Payment methods: Legitimate businesses don't request payment via cryptocurrency, wire transfers, gift cards or peer-to-peer apps like Venmo or Zelle. URL irregularities: Look for slight misspellings like "Booklng.com" instead of "Booking.com" or unusual domains ending in ".xyz" instead of ".com." Contact verification issues: If a "customer service" representative can't verify basic booking details they should have access to, it's likely a scam. "Genuine providers can always confirm a booking reference, ticket number and previously stored payment method without asking the customer to supply them," says Nic Adams, co-founder of 0rcus. But perhaps the biggest giveaway has to do with timing. "Urgency is often a major red flag," says Zoey Jiang, who teaches business technology at Carnegie Mellon University. "Beware of listings pressuring you with claims like 'Only 1 left at this price!' " What to do if you're caught If you suspect you're stuck in an AI scam, stop all communication immediately. Contact your bank or credit card company. Ask it to freeze your accounts and dispute any credit card charges immediately. Verify your booking independently. Use an official airline website and the published phone numbers. Do not use a link from an email message -- it might be a fake. Report the scam. Let the Federal Trade Commission and the FBI's Internet Crime Complaint Center know about it. To recover your money you may have to file a report as part of your dispute. Reset your passwords. Enable two-factor authentication on all accounts. Document everything. Save screenshots, emails and call logs. You may need them later. "The faster you act, the better your chances of stopping any payments or reversing the charges," advises Anusha Parisutham, the senior director of product at the AI company Feedzai. Is there a fix to stop the AI scams? Travel companies are fighting back with technology. They're using tools like biometric verification -- using face scans to prevent deepfake impersonation. They're also implementing better cryptographic email signing to verify authentic communications and deploying AI scam detections to identify synthetic content. "The same tools being used to deceive can also be used to protect," notes Engelhart of iSeatz. "But it takes cross-platform collaboration and design choices that prioritize clarity over speed." Perhaps the most insidious aspect of AI travel scams is how they exploit our trust in technology. Travelers often assume that sophisticated, well-designed communications must be legitimate. "Scammers count on silence and shame to keep their efforts going," says Petros Efstathopoulos, vice president of research and development at RSAC, a cybersecurity conference. "By reporting the fraud and speaking out, you help protect others." The Rupps' experience offers an important lesson: Even cybersecurity professionals and experienced travelers aren't immune. The key is maintaining healthy skepticism in an age when perfect presentation no longer guarantees authenticity. In a world where AI can clone voices, forge emails and create entire fake travel experiences in minutes, the most powerful defense remains the most human one: Pause and verify, and trust your instincts when something feels off. Otherwise, you might need a glitchy website to save your vacation.

How AI is making travel scams nearly impossible to spot

Delta Air Lines sparks debate over AI-driven pricing as experts warn of rising fare personalization. * Artificial intelligence is making travel scams more sophisticated and harder to detect. * Scammers use AI to create flawless phishing messages, fake booking sites, and deepfake voice calls. * If you suspect a scam, contact your bank, independently verify bookings, and report the incident to authorities. Randy Rupp thought he'd seen it all. A retired federal law enforcement agent with years of experience spotting fraud, he and his wife, Becki, were planning a hiking trip to Italy's Dolomites. They'd booked their hotel in Bolzano, Italy, months earlier through an online travel agency. Then came the WhatsApp message that nearly got them. The message appeared to come from hotel staff and included specific details about their booking. Check out Elliott Confidential, the newsletter the travel industry doesn't want you to read. Each issue is filled with breaking news, deep insights, and exclusive strategies for becoming a better traveler. But don't tell anyone! "It was very well written," said Becki Rupp, a travel coach who's helped countless clients navigate travel logistics. The scammer requested that they reenter their credit card information through a provided link. Fortunately, a technical glitch saved them from getting ensnared. "The landing page for the confirmation wasn't working," she said. That technical hiccup prompted her to contact the hotel directly through its official website. And, as it turns out, there was no problem with their reservation. A new age of travel fraud The Rupps' close call illustrates a disturbing trend: AI is making travel scams nearly impossible to detect. Traditional red flags like poor grammar and obvious spelling mistakes have vanished, thanks to ChatGPT and Gemini. Today's AI-powered scams feature flawless language, authentic-looking websites, and sophisticated social engineering that can fool even the most experienced travelers. "Travel scams have proliferated with AI," said Cayce Myers, a communication professor at Virginia Tech. "Scams play on urgency because people don't have time to think and reflect on whether this is a genuine interaction or something that is manufactured through AI." The numbers are staggering. McAfee reports a 900% surge in AI travel scams in the last year, with 1 in 5 Americans getting scammed while booking travel. Of those who lost money, 13% reportedly lost over $500, and 5% lost more than $1,000. How AI supercharges travel scams How are scammers using AI to deceive you? This list is long. * Deepfake voice calls: Scammers now clone voices to impersonate airline representatives, hotel staff, or even travel companions in distress. These calls often include real booking details stolen from data breaches. "But the rhythm or timing of the voice is usually off a little, or sounds a little too perfect," said Mike Engelhart, chief technology officer at iSeatz. * AI-generated phishing: Gone are the days of obvious phishing emails. AI now crafts messages with perfect grammar and authentic branding that mimic legitimate travel confirmations. "AI technology can create messages that look very legitimate, without the errors you would normally expect," said Edward Tian, CEO of GPTZero. * Fake booking sites: AI generates entire travel websites complete with stolen photos, fabricated reviews, and cloned interfaces of legitimate platforms like Airbnb or Booking.com. * AI-manufactured reviews and content: Fraudsters use AI to create fake travel reviews or create social media personas offering discounted trips. Travel pictures and videos generated and edited using AI are used to lure people into paying for travel packages or tours that don't exist. These red flags still work Despite AI's sophistication, experts say certain warning signs remain reliable. * Payment methods. Legitimate businesses don't request payment via cryptocurrency, wire transfers, gift cards, or peer-to-peer apps like Venmo or Zelle. * URL irregularities. Look for slight misspellings like "Booklng.com" instead of "Booking.com" or unusual domains ending in ".xyz" instead of ".com." * Contact verification issues. If a "customer service" representative can't verify basic booking details they should have access to, it's likely a scam. "Genuine providers can always confirm a booking reference, ticket number, and previously stored payment method without asking the customer to supply them," said Nic Adams, cofounder of 0rcus. But perhaps the biggest giveaway has to do with timing. "Urgency is often a major red flag," said Zoey Jiang, who teaches business technology at Carnegie Mellon University. "Beware of listings pressuring you with claims like 'Only 1 left at this price!'" What to do if you're caught If you suspect you're stuck in an AI scam, stop all communication immediately. "The faster you act, the better your chances of stopping any payments or reversing the charges," said Anusha Parisutham, the senior director of product at the AI company Feedzai. Is there a fix to stop the AI scams? Travel companies are fighting back with technology. They're using tools like biometric verification - using face scans to prevent deepfake impersonation. They're also implementing stronger cryptographic email signing to verify authenticity and deploying AI-based scam detection to identify synthetic content. "The same tools being used to deceive can also be used to protect," notes Engelhart of iSeatz. "But it takes cross-platform collaboration and design choices that prioritize clarity over speed." Perhaps the most insidious aspect of AI travel scams is their exploitation of our trust in technology. Travelers often assume that sophisticated, well-designed communications must be legitimate. "Scammers count on silence and shame to keep their efforts going," said Petros Efstathopoulos, vice president of research and development at RSAC, a cybersecurity conference. "By reporting the fraud and speaking out, you help protect others." The Rupps' experience offers an important lesson: Even cybersecurity professionals and experienced travelers aren't immune. The key is maintaining healthy skepticism in an age when perfect presentation no longer guarantees authenticity. In a world where AI can clone voices, forge emails, and create entire fake travel experiences in minutes, the most powerful defense remains the most human one: Pause and verify, and trust your instincts when something feels off. Otherwise, you might need a glitchy website to save your vacation. Christopher Elliott is an author, consumer advocate, and journalist. He founded Elliott Advocacy, a nonprofit organization that helps solve consumer problems. He publishes Elliott Confidential, a travel newsletter, and the Elliott Report, a news site about customer service. If you need help with a consumer problem, you can reach him here or email him at [email protected].