JOHANNESBURG – You’re dashing to catch your flight when your phone buzzes. It’s your boss on video call – looking as she always does, speaking with her familiar cadence, even using her classic “make it happen” phrase. She needs you to approve an urgent payment. Why wouldn’t you trust her?
Because that’s not her.
That voice you’d bet money on? AI-generated. That video showing her at her usual spot by the window? Deepfake. And that payment she desperately needed? Just vanished into a scammer’s pocket.
This isn’t science fiction – it’s a real threat keeping security experts up at night. The Global Business Travel Association (GBTA) Risk Committee’s 2025 Risk Outlook puts deepfake scams within the top five on their worry list, and for good reason. Think about it: when will we most likely miss the warning signs? When we’re racing through airports, dealing with jet lag, and trying to keep business moving across multiple time zones. For cybercriminals, we’re the perfect target when we’re living out of a suitcase.
“Business travellers face a unique set of cyber threats due to their increased reliance on technology and access to sensitive data, often in areas with increased vulnerabilities,” says Peta Gaye Pottinger, member of GBTA Canada’s Risk Committee.
Here’s a sobering reality check: South Africa ranks third globally for cybercrime victims, according to SABRIC’s latest research. Let that sink in. Third. Worldwide.
“Look at it from a criminal’s perspective,” says Mummy Mafojane, who keeps her finger on the pulse of these threats as Productive Operations Leader at FCM. “We’re a bustling business hub with executives constantly flying in and out, making split-second decisions, moving serious money across different time zones. When you’re racing to close a deal, cybersecurity might be the last thing on your mind – and that’s exactly what they’re counting on.”
Fake bookings, real money lost
While deepfakes are the flashy new threat-grabbing headlines, cybercriminals play a much bigger game.
For example, when you’re booking a flight. Cybercriminals could be silently watching your every email, waiting for those magic words: “travel booking,” “payment details,” or “itinerary.” It’s like having a digital pickpocket looking over your shoulder, but instead of snatching your wallet, they’re quietly changing a few numbers in your payment details. By the time you realise something’s wrong, your money’s long gone.
But the terrifying part is that stealing your travel funds is just their opening move. Those booking confirmations you casually forward? They’re goldmines of personal data – your passport numbers, credit card details, corporate logins – everything a hacker needs to dig deeper into your company’s systems. And that’s when the real damage begins. It’s like giving someone the keys to your house – once they’re in, they can raid every room.
Your booking method matters
So, how do you slam the door on these cyber threats? It starts with rethinking your booking habits. That travel site you googled might look great, but as Juan Du Plooy, Information Security Lead at FCTG South Africa, puts it: “It’s like walking into a perfectly replicated designer store – everything looks legitimate until you realise you’ve handed your credit card to a fraudster. These criminals are masters at cloning popular booking sites.”
This is where travel management companies prove their worth. Their booking platforms do more than process reservations. They’re constantly scanning for suspicious patterns, verifying every transaction, and maintaining security measures that those public booking sites simply can’t match.
Sadly, the risks escalate once you’ve booked and are on the move.
Hotel Wi-Fi is not your friend
That USB charging port at the airport? It could be uploading malware faster than your battery’s charging. That “urgent update” from your hotel in your inbox? Likely fraudsters ‘phishing’ for your details. And that poolside selfie you just posted? You’ve just broadcast to criminals that you’re away from home, making you and your devices prime targets.
But here’s the biggest trap: Wi-Fi. “That password-protected hotel network might feel safe,” warns Du Plooy, “but hackers create perfect copies of these networks. Connect to one, and everything you do online – every email, password, and document – is exposed.”
Pottinger recommends these critical protections for business travellers:
- Mandate the use of encrypted devices and VPN connections for all travelling employees.
- Educate employees on cybersecurity awareness – specifically avoiding public Wi-Fi and using personal data instead.
- Encourage travellers to use privacy screen filters to prevent shoulder-surfing attacks in public places.
- Implement strong cybersecurity policies for managing work devices while travelling.
- Regularly simulate cybersecurity breach scenarios, ensuring employees know how to respond.
And work with a TMC that is a partner in risk management, adds Mafojane. “We provide businesses with secure booking channels that reduce fraud risks, real-time alerts about emerging cyber threats at specific destinations, and policies that help companies build safer travel protocols overall.”