As the world grapples with the rapid evolution of cybercrime, the Global Business Travel Association (GBTA) Risk Committee highlights a particular concern in their latest 2025 Risk Outlook: deepfake scams.
These sophisticated forms of synthetic media - images, videos, or audio manipulated through artificial intelligence - pose significant risks to business travellers, marking them as prime targets for cybercriminals navigating an increasingly digital landscape.
Peta Gaye Pottinger, a member of GBTA Canada’s Risk Committee, elaborates that business travellers often find themselves vulnerable due to their reliance on technology while handling sensitive data.
The hectic pace of travelling through busy airports, coping with jet lag, and managing pressing business commitments across multiple time zones create a perfect storm for cyber threats.
“When you evaluate the scenario from a criminal perspective,” explains Mummy Mafojane, the Productive Operations Leader at FCM, “it becomes clear why South Africa - a bustling business hub - ranks third globally for cybercrime victims, according to recent research from SABRIC.
Executives are frequently moving in and out, making critical decisions and transferring substantial amounts of money in mere moments.
As they rush to secure deals, cybersecurity often falls to the back of their minds, which is precisely what cybercriminals exploit.”
Understanding the threat landscape
A key risk that business travellers face is falling for seemingly legitimate booking scams. Cybercriminals employ a strategy of stealth, monitoring travel-related communications in search of telltale signs that signal financial transactions are about to occur.
“Imagine having a digital pickpocket lurking behind you,” warns Pottinger. “Instead of snatching your wallet, they alter your payment details, leading you to discover your funds gone before you even realise there’s been a breach.”
But the consequences extend far beyond immediate financial loss. The booking confirmations that travellers innocently forward contain invaluable personal information - passport numbers, credit card data, and corporate logins - offering hackers unfettered access into both private and company systems.
“It’s akin to handing someone the keys to your home, allowing them to ransack your belongings at will,” adds Pottinger.
Smart strategies for safer travel
To fortify against these threats, business travellers must reassess their booking habits.
“Many web-based travel platforms can mimic trusted sites perfectly,” notes Juan Du Plooy, Information Security Lead at FCTG South Africa. “They may look reputable until you realise you've unwittingly provided your credit card information to a fraudster.”
Engaging with travel management companies (TMC) becomes invaluable in this context, as they offer more than just booking services; they actively monitor and defend against cyber threats. These platforms are equipped to detect common fraudulent patterns and maintain security protocols that standard public booking sites cannot.
However, the risks don't dissipate once the ticket is booked. As travellers embark on their journeys, hotel Wi-Fi networks often pose hidden dangers.
“Those password-protected networks might seem secure, but deceptive copies created by hackers can expose your every online action—from emails to passwords and documents,” warns Du Plooy.
“Thus, it’s wise to approach public Wi-Fi connections with caution.”
Expert recommendations for business safety
Pottinger offers a suite of essential precautions for all business travellers:
- Use encrypted devices: Mandate the use of secure devices and VPNs for all travelling employees.
- Educate on cybersecurity: Staff must be trained to recognise phishing tactics and avoid public Wi-Fi, instead relying on personal data networks.
- Use privacy screens: Encourage the use of privacy screen filters in public settings to thwart potential shoulder-surfing attacks.
- Maintain strict cybersecurity policies: Implement robust protocols for managing work devices during travel.
- Conduct breach simulations: Regularly simulate cybersecurity breach scenarios to equip employees with effective responses.
- Choose the right travel partner: Collaborate with TMCs that prioritise risk management and offer secure booking channels and actionable alerts about emerging cyber threats in specific destinations.
As the deepfake trend escalates and cyber threats continue to evolve, the importance of remaining vigilant and well-informed cannot be overstated.
Business travellers must adopt these protective measures not just to safeguard themselves but to preserve the integrity of their organisations in an increasingly perilous digital environment.