

























Every summer, hundreds of millions of people book flights, reserve hotels, and plan vacations online. And every summer, cyber criminals show up to take advantage of exactly that. Check Point Research tracked the threat landscape heading into the 2026 summer travel season, and what they found should give travelers pause before they click “confirm booking.”
The hospitality, travel, and recreation sector recorded 2,291 average weekly cyberattacks per organization in May 2026, a 24% increase compared to the same month last year. To put that in context, the global year-over-year rise across all industries was just 2%. The sector has more than doubled its attack volume since May 2023, growing from 1,032 to 2,291 weekly attacks per organization over three years, a cumulative increase of 122% over three years.
This is not a general uptick in cyber crime that happens to touch travel. It is a deliberate, seasonal intensification targeting an industry that processes enormous volumes of personal and financial data precisely when people are distracted, rushing, and eager to secure a good deal.

In May 2026 alone, 47,318 new travel-related domains were registered, up 33% from April and 19% higher than May 2025. Among those domains, one in every 112 is already classified as malicious or suspicious. Many others remain dormant for now, waiting to be activated as summer traffic peaks.
Check Point Research identified three coordinated bulk-registration campaigns within the April and May data. The first revolves around over 210 sequentially numbered hotel-lure domains following templates like hotel-stay[N].com and stay-hotel[N].com, all pointing to a single automated actor building phishing infrastructure at scale. The second impersonates American Express and Lloyds Travel Choice, an affiliation of Lloyds Bank with travel reward lures, combining recognizable financial brand names with keywords like “happytrip” and “travelchoice” on .ink domains, a TLD frequently used for short-lived phishing operations. The third targets the brand “Fora Travel” across 108 distinct TLDs, including .cruises, .miami, and .international, a saturation strategy aimed at flooding multiple web domains with lookalike sites to increase the chances of intercepting travelers, no matter what they type into a browser.

Beyond infrastructure, Check Point’s threat intelligence identified active travel phishing sites impersonating some of the most trusted names in online travel booking. bookingni[.]com reproduces the Booking.com sign-in flow to harvest credentials and payment card details. A coordinated campaign using booking-cn[.]com and booking-hk[.]com targets Chinese-speaking travelers with localized versions of the Booking.com homepage, complete with RMB pricing and a “mid-year summer sale” banner timed to the booking peak. The same actor also operates booking-jp[.]com and booking-zh[.]com.



airbnb-ca[.]com targets travelers planning a trip to Canada with a geo-specific impersonation site featuring Canadian Rockies photography and property listings for Montreal, Toronto, Vancouver, and Banff.

And several domains operating under the Skyscanner name, including skyscanners[.]shop and skyscanners[.]life, display real-looking “presale price” hotel deals at Malaysian resorts before collecting deposits that go nowhere near an actual booking.

Knowing that fake booking sites exist is useful. Knowing how to spot them is what actually keeps you safe.
Travel cyber security threats follow a predictable seasonal rhythm. The people behind fake booking sites plan around the summer surge just as carefully as legitimate businesses do, and they are ready well before most travelers start searching.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。