If you are planning spring or summer travel, you may want to slow down and pay close attention to the process. Scammers have a lot to gain by targeting travelers: The Federal Trade Commission tracked more than 58,000 reports of travel, vacation, and timeshare plan fraud in 2024 totaling $274 million in losses. And AI is helping them get away with it.
How scammers are targeting travelers
Some of the most common travel scams involve impersonation: of people, brands, and listings. For example, fraudsters will post fake vacation rental listings and collect payment (sometimes by pressuring you to use wire transfers or peer-to-peer apps) and leave you stranded with no place to stay or stuck in accommodations way worse than what you booked and paid for. On the back end of a trip, a dishonest host may try to make fraudulent damage claims and pressure you into paying hundreds or thousands of dollars for something you didn’t do.
Scammers will also impersonate travel agents and booking platforms, allowing them to collect sensitive personal information and money before you clock the fraud. Booking.com is a common target for scams. Multiple campaigns have used a spoofed version of the site to spread malware—another known as “I Paid Twice” targeted both Booking.com and Expedia.
Other travel scams involve fake flight cancellation notifications (which direct you to rebook on a phishing website), fake customer service numbers promoted via both sponsored ads and legitimate business listings, and deals that are too good to be true.
AI facilitates travel scams
These days, even savvy consumers can fall victim to these travel scams. As travel expert and consumer advocate Christopher Elliott writes for The Seattle Times , AI has rendered traditional scam red flags practically obsolete. We can no longer rely on obvious grammar and spelling errors to differentiate between what’s real and what isn’t, as tools like ChatGPT and Gemini are capable of nearly flawless replication of human speech and generating authentic-looking content—like photos, rental listings, and entire websites—in almost no time.
According to McAfee , one of the most common ways AI has changed the travel scam landscape is via voice cloning. Threat actors can make deepfake calls using just a few seconds of voice samples pulled from promotional material or customer service recordings. You may not be able to differentiate between a fake airline representative, hotel staff, or travel agent and a real one, and fraudsters use this to get everything from passport information to credit card numbers.
AI also makes phishing attempts far harder to spot, as scammers can craft booking confirmations and other communication using authentic branding and perfect text. And fake booking sites (as described above), rental listings, and tour pages are nearly indistinguishable from real ones, thanks to AI-generated photos, videos, and reviews.
How to identify AI-powered travel scams
Thankfully, AI hasn’t eliminated every scam indicator. Urgency should always raise alarms, as scammers count on targets responding to demands before having time to think. If you’re being pressured to provide information or pay money or book before a deal expires, it might be a scam. Slow down and verify before taking action.
If you’re asked to send money via crypto, wire transfers, gift cards, or apps like Venmo and Zelle, it’s almost certainly a scam. Always book travel over trusted platforms using credit cards, which have fraud protection and can be tracked or disputed.
If a customer service rep contacts you about your trip, ask them to verify your booking details before providing any additional information. If they cannot confirm things like your reservation number or card on file, they are likely not legitimate. If you’re unsure, hang up and call the hotel, airline, or travel agent using contact information obtained from an official source.
Finally, check travel websites carefully for subtle signs of a scam. Be wary of URL tricks like homograph attacks and typosquatting , which are used to spread malware. Legitimate businesses will also have contact information and privacy policies on their websites. Avoid getting to websites through search results and unsolicited emails and social media messages—instead, go directly through trusted communication or type the correct URL into the address bar.
