TripAdvisor: Investigation reveals ease of faking reviews

By Luke Nicholls

- Last updated on GMT

Related tags: Tripadvisor, Fraud

VisionaryDining's investigation highlights tripadvisor's potential security flaws such as downloading an IP changer or switching internet browsers
VisionaryDining's investigation highlights tripadvisor's potential security flaws such as downloading an IP changer or switching internet browsers
Reviews website TripAdvisor is again at the centre of controversy after an investigation has revealed an array of security loopholes that can be exploited at the click of a mouse.

Following last week’s Attack of the Trip Advisors documentary on Channel 4​, the investigation by hospitality consultancy has discovered that business owners are able to evade TripAdvisor security so that they can pose as guests and write any review, any time, from the same computer.

Gordon Cartwright, managing director of, told BigHospitality: “From all the feedback and experiences we received in our investigation, there are a significant number of people that are writing their own reviews and also writing negative views of their competitors.”

Lack of security

TripAdvisor’s security flaws can be exposed by things as simple as downloading an IP changer, developing multiple email addresses or switching internet browsers.

“The lack of security is incredible,” continued Cartwright. “It needs to be much more secure. At the moment, business owners need to look at reviews carefully. If you’re receiving reviews that appear to be genuine then there’s an opportunity to make changes and therefore that feedback has been of benefit.

“However, if you’re the subject of jealous competitors who are writing any old twaddle to bring you down then I would be out of there in a flash.”

Damaging and devastating

Responding to the findings, the Cock & Bull - the Scottish restaurant considering a lawsuit against TripAdvisor for failing to remove a potentially defamatory review​ – believes the website can be ‘damaging’ and ‘devastating’ to the wellbeing of business owners.

Mandy Davidson, director of the Cock & Bull, said: “Given just how easy it is to manipulate TripAdvisor, either to write favourable reviews for your own business or negative for your competitor, I don't think we will ever be able to trust the site.

TripAdvisor users need to know just how corrupt their system is, so the more publicity to cast doubt on them the better. The website hides behind a veneer of arrogance when the very livelihoods of hard-working business owners are at stake.”

TripAdvisor response

A responding statement from TripAdvisor said: “We take the authenticity and integrity of our content extremely seriously and we dedicate significant time and resources to that end. We maintain that we have the highest standards in fraud detection, using an ever-evolving and extensive range of measures to spot, track and react to anything that threatens the quality of content on our site. Our systems will identify potential cases of fraud and these are investigated thoroughly by our highly-skilled, dedicated team.

“We cannot emphasise enough our concern about this article; the activity it promotes is illegal and is strictly against our terms of use. Whilst the article in question does not condone the fraudulent use of TripAdvisor, it’s extremely disappointing to see anything which diminishes the high levels of integrity and respect for their customers that the vast majority of those working in the hospitality industry maintain.

“We also believe the vast majority of hoteliers understand the tremendous risk to their reputation and their business if they attempt to post fraudulent information on review sites like TripAdvisor. We take serious steps to penalise businesses who are caught attempting to manipulate the system."

Summarising last week’s documentary and these latest findings, Cartwright concluded: “If I had a business, I would have a little card on the table saying ‘we would really like your feedback and we would appreciate it if you could put your till receipt number at the end of the review’. That would be my advice if people wanted to take more care.”

The full list of TripAdvisor’s potential security loopholes uncovered in the investigation can be found at

Related news

Show more

1 comment

TripAdvisor loopholes nothing new

Posted by Phil at TripAdvisorWatch,

I've been banging on about these loopholes for years - this is not news to anyone who is computer-savvy.

I haven't read the article you mention but the article here misses one other security measure that has to be bypassed, and which is easily done - before connecting to the TripAdvisor site to post a review under a new identity the faker has to delete all TripAdvisor cookies from his computer. Cookies are placed each time a person logs on in order to identify them to TA, among other things.

That, plus a fake email address and a new IP address (using a proxy) is all the unscrupulous faker needs to create an undetectable new TA account and review.

Instead of decrying those of us who expose its shortcomings TripAdvisor ought to take a long, hard look at its own faults.

Report abuse


Follow us

Hospitality Guides

View more

Featured Suppliers

All suppliers