- BOTS now dominates the trussel landscape of travel platforms in pointing booking periods
- False demand created by bots leads to inflated prices and fewer options for real users
- SMS -pump attacks drain funds and delay key reviews for travelers
When the summer journey hits its peak, a new concern is emerging that has suffered from rising fuel costs or demand -driven pricing.
A growing amount of automated traffic is now blamed for increasing aircraft prices, interfering with bookings and damaging the experience of travelers, experts have warned.
Thales BAD BOT report from 2025 claims the travel sector accounted for 27% of all bot-related activity globally last year, making it the most targeted industry.
The travel sector appears as the top measure of automated bot attack
The report outlines several ways that Bots intervene in online travel platforms.
A key question is the “spinning of the seat” where Bots initiates the booking process but does not complete payment – by temporarily hamstring fixtures they will reduce the availability and can create a false conception of scarcity, which can affect vital gord.
In some cases, Bots resell the tickets they secure through “ticket salping”, pushing real customers at bloated prices or unavailable flights.
These attacks also utilize messaging systems through what is known as “SMS pumping”, which involves triggers high amounts of text messages for premium rate, increasing the cost of businesses and potentially delaying important customer messages.
“Bad bots not only cause chaos online anymore, they hijack holidays,” said Tim Ayling, cyber security specialist at Thales.
“Right now, travel sites are overwhelmed by bots pretending to be real customers, snapping tickets, scraping prices and slowing down all.”
As more transactions change to mobile, the problem has become more visible, especially for travelers at the last minute who depend on real -time updates.
Bots themselves become easier to insert, and there is an increase in simpler, more accessible bots, often powered by AI-based tools.
This is not the domain of sophisticated hackers alone. Low qualified actors can now use basic scripts or free proxy setups to bypass traditional security.
Even the use of VPN and proxy services, typically associated with privacy, is sometimes manipulated to mask malicious traffic, giving the bots the appearance of legitimate users gaining access from different regions.
Another growing problem is the targeting of APIs, such as current results, pricing engines and loyalty programs.
Almost half of all advanced bot attacks are now focusing on these areas, and they can interfere with backend features, slow down entire sites or even make them go down.
Attackers also use advanced techniques to mimic real human behavior, making it harder for traditional defense to detect and block harmful traffic.
Methods such as CAPTCHA, when effective, are no longer reliable, often frustrating real users more than bots.
“Traditional defense just doesn’t cut it. Travel companies need a smarter, layered approach that blocks identification tasks and ensures vulnerable areas such as login and boxes through continuous testing and threat -waking.”
In a digital environment where automation now surpasses human web traffic, the challenge facing airlines and travel sites is facing, less about visibility and more about precision.
