Fraudsters love to attack travel in spring. When other people are thinking about booking their next vacation, criminals are planning how to leverage and exploit that trend. Shockingly, spring is almost x3 the attack rate, compared to calm times of the year.
This year, that seasonal spike is more challenging than ever because all the tricks that fraudsters are using more generally end up lasering in on travel, and there happens to be quite a bit going on at the moment.
What’s Taking Flight in Online Fraud
Some periods feel like fraud is ticking along, with the criminals focused on refining tried-and-tested known techniques but not really shaking things up much. Other times, it feels as though there’s an explosion of criminal creativity, and it can be hard to keep up all at once. Currently, it’s a bit like the latter.
Here are some trends that fraudsters are currently throwing at us:
- ATO
- Fake accounts
- Remote desktop attacks
- Bots: More of them and in more contexts
- GenAI: Not quite top notch yet, but they’re experimenting
It’s a lot for any industry, but at this time of year, it all piles on travel.
Travel is Under Siege
It’s not that travel is suffering from specially crafted versions of these attack types or that there’s anything particularly relevant to travel as an industry that means it’s more vulnerable than other verticals. It’s simply that travel fraud attacks spike in the spring, and so if there are a number of fraud attack trends ongoing when spring rolls around, they naturally end up piling on travel attacks that would have happened anyway.
It’s also about criminals honing a skill. The fraudsters who have become good at a given attack earlier in the year, are now proficient. If RDP attacks were up 8% during the holidays (which they were in 2024) and have risen 12% over 6 months, that’s an indication that fraudsters have been continuing to invest in that trend. When they attack travel in spring, their efforts benefit from the practice.
Even Generative AI Could Add Risk
This is more speculative, because we’ve only heard of it happening in a couple of instances. However, it does seem that generative AI could turn a rare attack type into something more commonly available — even if it isn’t currently the main go-to in a fraudster’s toolkit.
This happens when fraudsters try to refund a ticket using a different payment method than the one they used to make the original purchase. If it works, it’s a win from their perspective — they made a high-value purchase without raising suspicion (because travel tickets are often fairly pricey) using someone else’s money and then transferring it to their account via a refund, without the hassle of reselling.
It’s inherently risky behavior, so travel companies are usually very reluctant to offer refunds in this way and make it difficult. Some companies, however, do have very specific circumstances in which they may be willing to offer them to a customer during the resolution of their service issue.
Achieving this is arduous, so fraudsters don’t often bother. Their mantra is to maximize ROI with minimal effort and maximal output. Generative AI, on the other hand, can dance through a customer support conversation with minimal effort on a fraudster’s part, even if the conversation takes place over hours or requires being handed off to several different support representatives.
Fraudsters might find ways to automate this procedure, making this fraud more common. Right now, though, it’s a risk factor to watch for next spring rather than this one.
When in Doubt, Focus on Identity
Travel has several unique features when it comes to fraud prevention, but one thing is consistent with every other industry — successfully stopping fraud, minimizing abuse, and streamlining an excellent experience for good customers all comes down to identity.
You need to be confident that the person making the booking or the purchase is the person with the right to do so with those details. Everything else, from the specifics of how you identify ATO, to what’s going on with the rise in RDP, to fears around generative AI, is a detail.
This is vital in travel more than in any other industry because so many elements in travel are likely to be dynamic, more than with other products or services. People are more likely to be in airports or public spaces, more likely to use a hotel or temporary address, more likely to think about loyalty points as part of the buying picture, and so on.
To make the right decisions, you need to consider the whole picture of the customer’s profile, behavior, device, details, and more. If you look at your customers as the multi-dimensional individuals they are, you’ll be able to identify them — and the fraudsters — no matter what tricks they have.