The travel industry, recovering from the pandemic, is increasingly targeted by automated threats. According to Imperva’s 2024 Bad Bot Report, nearly 21% of all bot attack requests in the past year were aimed at the sector. Bad bots accounted for 44.5% of web traffic within the industry in 2023, up from 37.4% in 2022. With a surge in consumer demand for travel services, including flights and accommodations, Imperva anticipates an increase in bot activity, which can lead to unauthorized scraping, seat spinning, account takeovers, and fraud.
Bots perform various malicious activities such as scraping data, booking and canceling seats to create false scarcity, and taking over accounts. These actions can disrupt normal operations, inflate costs, and harm customer experience. For example, seat spinning can create artificial shortages, leading to inflated prices and inventory mismanagement, while account takeovers can exploit valuable personal information and loyalty points for fraud.
Imperva distinguishes between simple, moderate, and advanced bad bots. Simple bots engage in basic scraping, while advanced bots mimic human behavior to evade detection, making them more dangerous. Advanced bad bots accounted for 61% of bot activity in the travel sector last year, posing significant risks due to their persistence and sophisticated tactics.
To combat these threats, Imperva recommends comprehensive security strategies including advanced traffic analysis, real-time bot detection, and layered defenses. Organizations should focus on identifying risks around login functionalities, blocking outdated browser versions, and monitoring traffic anomalies. As bot technology evolves, especially with AI advancements, distinguishing between legitimate and malicious traffic will become more challenging, necessitating robust defensive measures.