Holiday season is here — but watch out, hackers are launching more phishing scams… is attracting attention across the tech world. Analysts, enthusiasts, and industry observers are watching closely to see how this story develops.
This update adds another signal to a fast-moving sector where product decisions, platform changes, and competition can quickly shape the market.
Firms in hospitality are being hit with more than 2,000 attacks every week
When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.
Scams targeting people looking to book their summer vacations are spiking, researchers have claimed – and not only that, but the volume of attacks is significantly larger than last year, or the year before, indicating a growing problem.
Security experts Check Point Research found that in May 2026 alone, the hospitality, travel, and recreation sector recorded 2,291 average weekly cyberattacks per organization. The attacks rose 24% month-over-month, while the volume more than doubled compared to May 2023.
Cumulatively, over the last three years, the company found there has been a 122% increase in attacks on the industry.
At the same time, the global year-over-year rise across all industries was just 2% which, CPR argues, means criminals are specifically targeting holiday-goers:
“This is not a general uptick in cyber crime that happens to touch travel. It is a deliberate, seasonal intensification targeting an industry that processes enormous volumes of personal and financial data precisely when people are distracted, rushing, and eager to secure a good deal.”
A major part of these scams are phishing emails and fraudulent, spoofed websites, and these have shot up significantly. In May 2026alone, CPR says there were 47,318 new travel-related domains registered, which is up 33% from April and up 19% compared to May last year.
To make matters even worse, among these domains one in every 112 is already classified as either malicious, or suspicious. That doesn’t mean that the other 111 are legitimate, it simply means many others are laying dormant for now, waiting to be activated as summer traffic peaks.
If you are looking to book a flight, or accommodation, any time soon, make sure to double-check the domain you’re visiting, since major platforms like Booking, Airbnb, and Skyscanner, have already been spoofed thousands of times with fake websites stealing sensitive data and even money.
➡️ Read our full guide to the best antivirus1. Best overall:Bitdefender Total Security2. Best for families:Norton 360 with LifeLock3. Best for mobile:McAfee Mobile Security
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
Please logout and then login again, you will then be prompted to enter your display name.
Why This Matters
This development may influence user expectations, future product strategy, and the competitive balance inside the broader technology industry.
Companies in adjacent segments often react quickly to similar moves, which is why stories like this tend to matter beyond a single announcement.
Looking Ahead
The full impact will become clearer over time, but the story already highlights how quickly the modern tech landscape can evolve.
Observers will continue tracking the next steps and how they affect products, users, and the wider market.
