Travel Phishing and Cyber Attacks are Surging in 2026, Growing 122% over the last 3 years. Here's What Cyb ... - Check Point Blog

Every summer, hundreds of millions of people book flights, reserve hotels, and plan vacations online. And every summer, cyber criminals show up to take advantage of exactly that. Check Point Research tracked the threat landscape heading into the 2026 summer travel season, and what they found should give travelers pause before they click “confirm booking.”  The hospitality sector is under targeted attack  The hospitality, travel, and recreation sector recorded 2,291 average weekly cyberattacks per organization in May 2026, a 24% increase compared to the same month last year. To put that in context, the global year-over-year rise across all industries was just 2%. The sector has more than doubled its attack volume since May 2023, growing from 1,032 to 2,291 weekly attacks per organization over three years, a cumulative increase of 122% over three years.  This is not a general uptick in cyber crime that happens to touch travel. It is a deliberate, seasonal intensification targeting an industry that processes enormous volumes of personal and financial data precisely when people are distracted, rushing, and eager to secure a good deal.  Nearly 50,000 fake travel domains registered in one month  In May 2026 alone, 47,318 new travel-related domains were registered, up 33% from April and 19% higher than May 2025. Among those domains, one in every 112 is already classified as malicious or suspicious. Many others remain dormant for now, waiting to be activated as summer traffic peaks.  Check Point Research identified three coordinated bulk-registration campaigns within the April and May data. The first revolves around over 210 sequentially numbered hotel-lure domains following templates like hotel-stay[N].com and stay-hotel[N].com, all pointing to a single automated actor building phishing infrastructure at scale. The second impersonates American Express and Lloyds Travel Choice, an affiliation of Lloyds Bank with travel reward lures, combining recognizable financial brand names with keywords like “happytrip” and “travelchoice” on .ink domains, a TLD frequently used for short-lived phishing operations. The third targets the brand “Fora Travel” across 108 distinct TLDs, including .cruises, .miami, and .international, a saturation strategy aimed at flooding multiple web domains with lookalike sites to increase the chances of intercepting travelers, no matter what they type into a browser.  Fake Booking.com, Airbnb, and Skyscanner sites are already live  Beyond infrastructure, Check Point’s threat intelligence identified active travel phishing sites impersonating some of the most trusted names in online travel booking. bookingni[.]com reproduces the Booking.com sign-in flow to harvest credentials and payment card details. A coordinated campaign using booking-cn[.]com and booking-hk[.]com targets Chinese-speaking travelers with localized versions of the Booking.com homepage, complete with RMB pricing and a “mid-year summer sale” banner timed to the booking peak. The same actor also operates booking-jp[.]com and booking-zh[.]com.  airbnb-ca[.]com targets travelers planning a trip to Canada with a geo-specific impersonation site featuring Canadian Rockies photography and property listings for Montreal, Toronto, Vancouver, and Banff.   And several domains operating under the Skyscanner name, including skyscanners[.]shop and skyscanners[.]life, display real-looking “presale price” hotel deals at Malaysian resorts before collecting deposits that go nowhere near an actual booking.  How to protect yourself from hospitality & travel phishing scams  Knowing that fake booking sites exist is useful. Knowing how to spot them is what actually keeps you safe.  Type travel URLs directly into your browser rather than following links from emails or ads Look carefully at the domain before entering any login or payment information, because a single letter of difference is exactly what these campaigns rely on Use a credit card rather than a debit card for online bookings, since credit cards offer stronger fraud protection and easier dispute resolution Enable two-factor authentication on any travel platform account you use regularly If a deal feels unusually urgent or cheap, that pressure is usually engineered Travel cyber security threats follow a predictable seasonal rhythm. The people behind fake booking sites plan around the summer surge just as carefully as legitimate businesses do, and they are ready well before most travelers start searching.