AI-Driven Travel Scams Are Reshaping the Fraud Landscape for Merchants and Operators
The travel industry has long been a target for fraudsters, but the arrival of sophisticated artificial intelligence tools has transformed what was once a manageable problem into a full-scale crisis. Online travel giants, payment processors, and loyalty program operators are now grappling with a surge in AI-enabled scams that are more convincing, more scalable, and far harder to detect than anything the industry has faced before.
According to data from Booking.com, AI-fueled travel scams increased by between 500 and 900 percent over an 18-month period in 2024. Flight Centre Canada told The Canadian Press that in a single month it worked with Google and other search engines to take down more than 200 fraudulent listings on impostor websites mimicking the travel agency’s brand. Industry observers say the problem has only accelerated since.
How AI Changes the Scam Playbook
Traditional travel scams relied on obvious tells: misspelled subject lines, clashing fonts, grammatical errors in the body of the message. Those giveaways trained consumers to recognize fraud attempts, and the old “spray and pray” approach of blasting out mass emails yielded diminishing returns. AI changes that calculus entirely.
Octavia Howell, vice-president and chief information security officer with Equifax Canada, told MoneySense that fraudsters can now instantaneously scrape social media and the web for information about an intended victim, build a profile, and craft a pitch tailored to their interests. “The scams aren’t necessarily different; they’re the same type of scams,” Howell said. “But now [fraudsters] can target individuals with tailored, highly convincing messaging that often looks polished and legitimate, and the likelihood of someone falling for the scam is greater.”
The result is a wave of phishing attempts that reference real travel brands, real loyalty programs, and real booking confirmations. Fraudulent websites copy photos and information from hotel, airline, and cruise line sites to create the impression that customers are booking through the actual provider. Some bogus vacation rental listings appear on platforms like Airbnb and VRBO, leaving travelers with no property when they arrive at the destination.
Loyalty Points: A Prime Target
Among the most valuable targets for AI-driven travel fraud are airline and hotel loyalty programs. Points balances represent stored value that is often less scrutinized than bank accounts or credit cards, making unauthorized redemptions harder to flag in real time.
“The odds of you getting a phishing email that’s looking for your credentials, and they’ll just keep trying to throw stuff at you until they get through, are very high,” said Pat Pellegrini, CEO of consumer research firm Vividata. “Loyalty points have been taken in the same manner.” The attack cycle typically begins with a convincing phishing message that mimics a loyalty program notification, complete with urgent language about account verification or a pending points expiration.
For travel merchants and operators, the implications extend beyond their own brand exposure. Fraudulent listings and scam sites that impersonate trusted travel brands erode consumer confidence across the entire ecosystem. Travelers who have been burned by fake booking sites may become hesitant to complete transactions even on legitimate platforms, driving up cart abandonment rates and increasing customer acquisition costs for operators who invest in security and verification.
Spotting the Next Generation of Scams
Many of the red flags that once signaled fraud are now absent from AI-assisted attempts. Misspellings, odd email addresses, and suspicious URLs are often carefully avoided. Industry experts recommend that operators and travelers alike look for subtler clues: messages that relate to something the recipient did not initiate, tones that feel slightly off for the supposed sender, and offers that sound too good to be true.
The Canadian Anti-Fraud Centre recommends a “Stop. Check. Talk” approach: never rush to respond, verify whether the request is legitimate through publicly listed contact information rather than links in the message, and report suspected fraud attempts promptly.
For travel merchants, the operational response must include proactive monitoring of brand impersonation online, rapid takedown processes for fraudulent listings, and clear guest education about how to verify bookings directly through official channels.
Industry-Wide Exposure
TD Bank warned in a post on its website that booking through fraudulent third-party platforms creates risk that travelers may not discover until they arrive at their destination, by which point their money is likely gone. Credit card payments and established booking platforms offer greater protection, but even those channels are not immune to sophisticated social engineering attacks.
For the travel merchant community, the AI-enabled fraud surge is a dual challenge: protecting their own operations from fraudulent activity while also helping customers navigate an increasingly hostile online environment. The operators who move fastest to add AI-aware fraud detection, clear communication protocols, and proactive brand monitoring will be best positioned to maintain trust in an environment where scams are becoming more sophisticated by the day.
The scale of the problem makes clear that this is no longer a niche risk management concern. Fraud enabled by artificial intelligence is reshaping the travel payments landscape, affecting operators across airlines, hotels, cruise lines, and online travel agencies. The merchants and operators who treat it as a core business risk rather than a peripheral IT issue will be the ones who survive the next wave.
Sources: The Canadian Press via Canadian Underwriter; MoneySense; TD Bank; Vividata; Equifax Canada; Booking.com
