As the travel industry continues its recovery from the pandemic, it faces an escalating threat from automated bot attacks. According to Imperva’s 2024 Bad Bot Report, nearly 21% of all bot attack requests targeted the travel sector last year. This represents a significant rise, with bad bots now comprising 44.5% of the industry’s web traffic, up from 37.4% in 2022. The surge in bot activity is attributed to increased consumer demand for travel services during the summer season and major European sporting events, which heightens the risk of targeted attacks on airlines, hotels, and other travel-related businesses.
The types of attacks facing the industry are diverse and damaging. Unauthorized scraping, where bots collect pricing information and inventories without permission, has become a major concern. For instance, airlines have reported substantial financial impacts due to inflated API costs from excessive scraping. Another significant issue is seat spinning, where bots repeatedly book and cancel reservations to create artificial scarcity, leading to inflated prices and mismanagement of inventory. This not only disrupts business operations but also affects genuine customers who struggle to book available seats or rooms.
Account takeover (ATO) attacks are also prevalent, with the travel industry experiencing the second-highest volume of such incidents in 2023. Bots target user accounts to steal personal information, payment methods, and loyalty points, leveraging the time-sensitive nature of travel transactions for quick monetization. This results in financial losses, damaged customer trust, and reputational harm. Addressing ATO attacks requires considerable resources for customer support and security enhancements, further straining the industry’s resources.
To combat these automated threats, Imperva recommends several strategies. Organizations should implement advanced traffic analysis and real-time bot detection to understand and mitigate risks. Effective measures include blocking outdated browser versions, restricting access from bulk IP data centers, and monitoring for signs of automation such as rapid interactions. As bot technology evolves, adopting layered defenses, including user behavior analysis and fingerprinting, will be crucial for maintaining security and ensuring smooth operations in the increasingly bot-ridden travel sector.
Reference:
