Fake travel sites surge 33% in May as Check Point reports 24% rise in hospitality cyberattacks
Check Point recorded a 122% cumulative increase in attacks on hospitality firms since 2023, with 47,318 travel-related domains registered in May—one in 112 malicious or suspicious.
Cyberattacks against hospitality, travel, and recreation organizations rose 24% year over year, reaching an average of 2,291 incidents per organization each week in May 2026, according to Check Point. Researchers noted that the sector has more than doubled its attack volume since May 2023, reporting a cumulative increase of 122% over three years.
The report reveals that 47,318 travel-related domains were registered in May 2026, a 33% increase from the previous month. One in every 112 newly registered domains was already classified as malicious or suspicious. "Many others remain dormant for now, waiting to be activated as summer traffic peaks," researchers said.
Check Point identified three coordinated bulk-registration operations during April and May. One involved more than 210 sequentially numbered hotel-themed domains using naming patterns such as hotel-stayN.com and stay-hotelN.com. Another referenced American Express and Lloyds Travel Choice, combining terms such as "happytrip" and "travelchoice" on .ink domains. A third targeted the Fora Travel brand through 108 top-level domains, including .cruises, .miami, and .international.
The researchers also uncovered phishing sites masquerading as Booking.com, Airbnb, and Skyscanner. One Booking.com-themed operation used fake login pages to steal credentials and payment card details, while an Airbnb-themed site targeted travelers planning trips to Canada with listings for destinations such as Montreal, Toronto, Vancouver, and Banff alongside imagery of the Canadian Rockies.
"The people behind fake booking sites plan around the summer surge just as carefully as legitimate businesses do, and they are ready well before most travelers start searching," researchers concluded. The report underscores a persistent and growing threat to the travel sector, particularly during peak vacation periods when consumers are more likely to let their guard down.
Travelers are advised to verify domain names carefully, avoid clicking on unsolicited links, and book directly through official platforms rather than third-party sites. For organizations, regular monitoring of newly registered domains and employee training on phishing awareness remain critical defenses.