When the owner of a Donegal guesthouse started receiving complaints from people who had never stayed with her, she was confused. Guests were calling to say they had booked through a Facebook page that used her name and real photographs of her property — but the account was not hers and the payment had gone somewhere else. By the time she discovered the fraud, six families had paid for holidays they would never take. The fake page had been running for three weeks, appearing in Facebook advertising targeted at Irish and UK tourists. The real guesthouse was left dealing with the reputational fallout from bookings it knew nothing about.
That incident is not an isolated case. Across Donegal and the wider Irish tourism sector, criminals are using artificial intelligence tools to create convincing fake content — deepfake videos, AI-generated property images, synthetic testimonials — to impersonate legitimate businesses and defraud customers. The technology that makes this possible has become cheap, accessible, and effective. The consequences for the real businesses being impersonated are serious and lasting.
What Is Happening and How It Works
The term deepfake refers to AI-generated audio or video that has been manipulated to show a real person saying or doing something they did not actually say or do. In the tourism context, criminals are using public videos of business owners from social media to create convincing promotional content for fake listings. A guesthouse owner who posted a welcome video on Instagram in 2024 may find that content has been repurposed into a fraudulent advertisement for a property that does not exist.
AI-generated images present a different but related threat. Tools freely available online can generate photorealistic images of accommodation properties — interior rooms, sea views, gardens — that look entirely authentic but depict places that do not exist. These images are used to create fake listings on booking platforms and fraudulent social media pages. Customers cannot distinguish them from genuine photographs without attempting to verify the property independently.
The fraud typically combines multiple channels. A customer sees a Facebook advertisement, clicks through to a fake booking page that mirrors the style of a real platform, pays a deposit, and receives a confirmation email that looks legitimate. They arrive in Donegal to find either no property at all or a property that belongs to someone else entirely. An Garda Síochána's National Cyber Crime Bureau has documented this pattern across multiple Irish tourism destinations.[^1]
Is your business name or imagery being used without your knowledge on social media or booking platforms? Book a free 20-minute strategy call — we help Donegal tourism businesses put detection and response procedures in place before fraud causes lasting reputational damage.
Why Donegal Tourism Businesses Are Particularly Exposed
Donegal's tourism businesses operate in an environment that makes them attractive targets. Many are small owner-managed operations without dedicated digital marketing teams or the resources to monitor their online presence continuously. Their properties are photographed extensively by guests and shared widely on social media, providing criminals with a ready supply of authentic imagery to repurpose. Seasonal peaks create urgency in the booking process that customers share, making them more susceptible to pressure tactics.
The reputational damage to the real business is not proportionate to the fraud. Customers who have been defrauded by someone using your name and images will often post negative reviews about your property before they discover the fraud was not your fault. By then, the damage to your online reputation may have affected future bookings for a season or more. The Data Protection Commission has also indicated that businesses whose imagery or customer data is misused by criminals may have notification obligations even when they are the victim rather than the perpetrator.[^2]
How to Detect Impersonation Early
Monitoring your online presence is not optional for any tourism business that markets itself digitally. Set up Google Alerts for your business name, your property name, and your personal name as a business owner. Check these alerts daily. When a new result appears that you do not recognise — a Facebook page, a website, a booking listing — investigate it immediately.
Use reverse image search on your key property photographs. Google Images and TinEye allow you to upload a photograph and find every website where it appears. Run this search monthly on your most prominent images. Fraudulent listings often use your own photographs because they are authentic and convincing.
Search for your business name on major booking platforms regularly. If you find a listing you did not create, report it to the platform using their intellectual property or fraud reporting tools. Document everything — screenshots with timestamps — before you report, because fraudulent pages are often taken down quickly once reported and the evidence disappears with them.
Ask your trusted customers to tell you if they see any communications that seem unusual. Regular guests who know your business well will often recognise impersonation attempts before you will, and their reports can be the earliest warning of an active fraud.
How to Respond When Fraud Is Confirmed
When you discover that your business is being impersonated, your first step is to report to An Garda Síochána and file a crime report. Provide all the documentation you have collected: screenshots, URLs, dates of discovery, and any customer complaints you have received. The Garda NCCB has specific experience with online impersonation fraud and can engage with social media platforms and booking sites more effectively than a private individual.[^3]
Contact the platform hosting the fraudulent content directly and use their formal fraud or intellectual property violation reporting process. Major platforms — Facebook, Booking.com, Airbnb — have dedicated teams for this and can act quickly when evidence is clear. Follow up if you do not receive a response within 48 hours.
Communicate with your own customers proactively. Post a clear statement on your verified social media accounts and website explaining that a fraudulent page using your name has been identified, that you are working to have it removed, and directing customers to your official booking channels only. State your official website address and telephone number explicitly. This communication protects your genuine customers and demonstrates that you are aware of and responding to the threat.
Your business name and imagery are your brand assets. Criminals who steal them are committing a crime that harms you and your customers. The response is to report, document, communicate, and monitor — not to assume the platform will handle it automatically.
What Next: Three Actions for Donegal Tourism Businesses
First, set up daily Google Alerts for your business name and property name this week. This is free and takes five minutes. It is the most basic monitoring that every tourism business with an online presence should have in place and most do not.
Second, run a reverse image search on your five most-used property photographs this month. Upload each image to Google Images and review every result. If you find your images appearing on sites you do not recognise, investigate immediately and report to the platform and to An Garda Síochána if fraud is confirmed.
Third, add a clear statement to your booking confirmation emails and website directing customers to your official contact number for any payment-related queries. A simple sentence — "We will never request payment through a link in an unsolicited message; always call us directly on [number] before making any payment" — costs nothing to add and could prevent a customer from falling victim to fraud conducted in your name.
[^1]: An Garda Síochána — Cybercrime [^2]: Data Protection Commission Ireland [^3]: NCSC Ireland — Advice for Organisations
Related Reading
- Your Booking System Is Your Biggest Attack Surface
- Protecting Your Revenue from Fake Listing Fraud
- Review Bombing and Online Reputation Attacks
Pragmatic Security — Cybersecurity advisory for Irish businesses. Based in Donegal, Ireland. CISA, CISSP, CISM certified advisors.