PETALING JAYA – Stronger regulation and protection are needed with the alarming rise of scams powered by artificial intelligence (AI) targeting hoteliers and travellers, say industry players.

Malaysia Budget & Business Hotel Association president Sri Ganesh Michiel said although such cases are rare in the country with cooperation between hoteliers and online travel agencies (OTAs), they are still a cause for concern.

He highlighted the urgent need for government intervention to regulate OTAs, including Airbnb operators, many of which are based overseas.

“There must be clear procedures for collecting personal information for domestic and international travel bookings to thwart fake reservations, fictitious accommodation, and phishing schemes facilitated through malicious APK (Android Package Kit) downloads and external links,” said Dr Ganesh.

“For example, one should not be allowed to register or make a booking using a fake name before verifying his identity.

“Regulation is crucial to prevent data abuse and ensure customer safety. Measures like strict policies on links and two-step identification are being implemented by Booking.com to enhance security.

“There is a need for laws and regulations to control online platforms and consumer behaviour.”

A report by the chief information security officer of online travel website Booking.com has noted a sharp rise in global phishing attacks targeting the hospitality sector.

Using AI, it said, scammers create realistic e-mails to trick people into divulging sensitive data like credit card or personal information.

“For Booking.com to raise the alarm, it means it’s a dangerous trend, as AI can learn and get smarter,” Dr Ganesh said in a June 29 interview.

“The platform’s warning underscores the evolving capabilities of AI and the diverse methods perpetrators can exploit to deceive and compromise individuals making travel bookings.”

He noted that except for some individual operators, hoteliers in Malaysia have been working closely with travel platforms such as Booking.com and Traveloka. This has helped to address the issues effectively. “The coordination and sharing of information among industry stakeholders have improved to prevent and mitigate scams,” he said.

“We are always taught the latest trends and tactics and how to spot possibly fraudulent e-mails before clicking on any link.”

Malaysian Association of Hotels president Christina Toh said smaller players may be more vulnerable to scams as large international chains have the tech and cyber-security support systems in place to handle these challenges.

“Nonetheless, these companies usually have mechanisms to detect and prevent such incidents, including working with their system providers,” she said, adding: “Hotels usually work collaboratively with platforms like Booking.com to identify and address such issues.

“That’s why frequent training and education of hotel staff on the telltale signs of scams is a regular practice to strengthen defences.”

Datin Toh noted that the rapid response capabilities of OTAs are vital in managing these problems, making close cooperation between OTAs and hoteliers essential for maintaining online security and trust in the industry.

“Such support is crucial in helping these smaller entities manage and potentially circumvent cyber threats effectively,” she said.

Malaysian Tourism Federation president Tan Kok Liang recommended proactive steps be taken by travel operators to protect against AI-enabled phishing scams. Such steps include providing employee education and training.

“Customers should also be informed about potential scams and taught how to verify the authenticity of communications from the business,” said Datuk Tan, adding that establishing secure communication channels is critical to safeguarding business interactions, and installing robust cyber-security tools would also help protect against digital threats.

“Finally, conducting regular security audits will help identify and address vulnerabilities, enhancing safety and confidence in online transactions.”
THE STAR/ASIA NEWS NETWORK