Johannesburg – It's dashing to board the plane when the phone rings. It's the boss of a video call – even looking like she always does, talking to her familiar cadence and using her classic “Make It Happen” phrase. She needs you to approve the urgent payment. Why don't you trust her?
Because it's not her.
Would you bet money? AI generation. That video showing her in her usual place by the window? Deep fake. And that payment she desperately needed? It disappeared into the con man's pocket.
This is not science fiction. This is a real threat that keeps security experts at night. The Global Business Travel Association (GBTA) Risk Committee's 2025 risk outlook involves Deep FarK scams in the top five on the worry list. Think about it: When is it likely that you miss a warning sign? When you're racing the airport, dealing with jet lags, and trying to keep your business running across multiple time zones. For cybercriminals, when we live from suitcases, we are the perfect target.
Peta Gaye Pottinger, a member of the GBTA Canada Risk Committee, said:
According to Sabric's latest research, this is a plain reality check. South Africa ranks third globally for cybercrime victims. Sink it. Third. all over the world.
“Look at it from a criminal perspective,” says Mummy Maphojan, a productive operational leader at FCM, who places his fingers in the pulsating of these threats. “We are a hub of a profession where executives are constantly flying, making momentary decisions and moving serious money across different time zones. When you're competing to close the deal, cybersecurity may be the last thing in your mind – and that's exactly what they rely on.”
Fake booking, real money lost
Deepfake is a headline that grabs flashy new threats, but cybercriminals play a much bigger game.
For example, when booking a flight. Cybercriminals may be quietly looking at all emails and waiting for magical words like “travel booking,” “payment details,” or “iterry.” It's like looking at a digital pickpocket over your shoulder, but instead of snatching your wallet, they're quietly changing some numbers to your payment details. By the time you realize something is wrong, your money has been gone for a long time.
But the scary part is that stealing travel funds is their opening move. Confirm these reservations you casually transfer? They are Goldmine for personal data such as your passport number, credit card details, and company login. Everything hackers need to dig deeper into the company's systems. And that's when the real damage begins. It's like giving someone a key to your house – once they enter, they can attack all the rooms.
The booking method is important
So, how do you slap these cyber threat doors? It starts by rethinking your booking habits. You may see it on Google, but as Juan Du Plooy, information security lead at FCTG South Africa, says, “It's like walking into a completely replicated designer store. Everything looks legitimate until you realize you're handing out your credit card to a scammer. These criminals are master's degrees in cloning for popular booking sites.”
This is where travel management companies prove their worth. Reservation platforms don't just process reservations. They constantly scan for suspicious patterns, validate all transactions, and maintain security measures that those publicly booked sites simply cannot match.
Sadly, risk escalates when you book and move.
Hotel Wi-Fi is not your friend
That USB charging port at the airport? It may upload malware faster than battery charging. That “emergency update” from your hotel in your inbox? For more information about yours, perhaps the scammer “phishing”. And the poolside selfies you just posted? You broadcast to criminals that you are away from home and prime target you and your devices.
But this is the biggest trap: Wi-Fi. “You may feel that a password-protected hotel network is safe,” warns Du Plooy. “But hackers make the perfect copy of these networks. You'll connect to one and all the emails, passwords and documents you do online are published.”
Pottinger recommends these important protections to business travelers.
Requires all travel employees to use encrypted devices and VPN connections. Educate employees about cybersecurity awareness – specifically avoid publicly available Wi-Fi and use personal data instead. We encourage travelers to use privacy screen filters to prevent shoulder surfing attacks in public places. Implement a strong cybersecurity policy to manage your work devices while traveling. Simulate cybersecurity breach scenarios regularly to ensure employees know how to respond.
Mafojane also adds, working with TMC, a partner in risk management. “We provide businesses with secure booking channels that reduce the risk of fraud, real-time alerts about new cyber threats at specific destinations, and policies that help businesses to build overall secure travel protocols.”
