Phishing scams targeting the hospitality and travel sectors have surged significantly, with Check Point Research reporting an average of 2,291 cyberattacks per organization per week in May 2026. This figure represents a 24% increase month-over-month and more than double the attack volume seen in May 2023.
Over the past three years, the hospitality industry has experienced a cumulative rise of 122% in cyberattacks. In contrast, the overall year-over-year increase in cyberattacks across all industries was only 2%, indicating a specific focus on holiday-goers during this peak season.
Check Point Research stated, “This is not a general uptick in cyber crime that happens to touch travel. It is a deliberate, seasonal intensification targeting an industry that processes enormous volumes of personal and financial data precisely when people are distracted, rushing, and eager to secure a good deal.”
A significant portion of these attacks involves phishing emails and fraudulent, spoofed websites. In May 2026 alone, 47,318 new travel-related domains were registered, marking a 33% increase from April and a 19% rise compared to May 2025. Among these new domains, one in every 112 has been classified as either malicious or suspicious.
Experts warn that travelers should verify website domains before entering personal or payment information. Major platforms like Booking, Airbnb, and Skyscanner have been spoofed thousands of times, leading to severe data theft and financial losses.
