Planning a trip? Fake travel sites are multiplying this summer

Cyberattacks against hospitality, travel, and recreation organizations rose 24% year over year, reaching an average of 2,291 incidents per organization each week in May 2026, according to Check Point.

(Source: Check Point)

“The sector has more than doubled its attack volume since May 2023,” researchers noted, reporting a cumulative increase of 122% over three years.

According to the report, 47,318 travel-related domains were registered in May 2026, a 33% increase from the previous month. One in every 112 newly registered domains was already classified as malicious or suspicious.

“Many others remain dormant for now, waiting to be activated as summer traffic peaks.”

Check Point identified three coordinated bulk-registration operations during April and May. One involved more than 210 sequentially numbered hotel-themed domains using naming patterns such as hotel-stay[N].com and stay-hotel[N].com.

Another referenced American Express and Lloyds Travel Choice, combining terms such as “happytrip” and “travelchoice” on .ink domains. A third targeted the Fora Travel brand through 108 top-level domains, including .cruises, .miami, and .international.

The researchers also uncovered phishing sites masquerading as Booking.com, Airbnb, and Skyscanner.

One Booking.com-themed operation used fake login pages to steal credentials and payment card details, while an Airbnb-themed site targeted travelers planning trips to Canada with listings for destinations such as Montreal, Toronto, Vancouver, and Banff alongside imagery of the Canadian Rockies.

“The people behind fake booking sites plan around the summer surge just as carefully as legitimate businesses do, and they are ready well before most travelers start searching,” researchers concluded.