Every summer, millions of people book their ideal holiday online. But what many ignore is that, behind the apparent convenience of digital platforms, a strong growing threat is hidden: the scam websites that imitate reliable services such as Booking.com and Airbnb. According to recent analyzes conducted by Check pointIsraeli company activates in the cybersecurity sector, in the month of May 2025 they were registered beyond 39,000 new domains related to the world of travelwith 1 domain out of 21 deemed suspicious or harmful. Attacks are not limited to deceiving tourists looking for accommodation for their holidays: also the accommodation facilities are targeted with increasingly sophisticated digital traps, such as false authentication systems and malicious links capable of installing viruses and malware in the devices. For this it is essential to adopt good practices of digital hygiene – from the use of authentication to multiple factors at the URL verification – to protect your personal data and finances.
Examples of scams on short holiday rents
TO May 2025the increase in tourism domains recorded a +55% compared to the previous year. An increase that is not accidental, but directly connected to the growing activity of IT criminals that aim to exploit the seasonal predictability of users. The method is tested: websites are created that convincingly simulates the interfaces of famous and reliable platforms, such as Airbnb or Booking. These sites are then advertised through e-mails or deceptive messages, inducing the victims to enter credentials, bank data or perform actions that put the security of the devices at risk.
A concrete example concerns a false site with domain CLFLM-RELSLSLRLV-today.comdesigned to imitate Airbnb payment page. This site presented the official logo and a graphics similar to that of the well -known online portal for short rents, and was born with one goal: to steal the credit card data of unfortunate users, including the CVV code and the expiry date.
Booking was also targeted: under domination Booking-lossitresn.coma fraudulent portal was discovered to the owners of structures. In this case, the site simulated the access screen for host, and after login it required actions such as pressing key combinations (Win + R, Ctrl + v And Sending) which activated a harmful command. This command downloaded and installed a Rat (Remote Access Trojan), or a malware which allows remote control of the computer by the attacker through a server c2 (This type of server acts as a “bridge” between computer criminals and infected devices). In particular, it was used Asyncrata software known to be used in attacks aimed at the theft of data and unauthorized surveillance.
But the websites are not just the scam vehicle. Also the Phishing e-mail They are evolving. Another campaign identified by Check point The Booking.com hosts directly targeted, with messages that seemed to come from guests looking for lost objects. The trick was in the link contained in the e-mail, which was redirected to a site called Booking.resrv-d89149.coman accurate clone of the official access page. An interesting – and worrying feature – is the personalization of messages, a sign of the probable use ofGenerative artificial intelligence by hackers. This allows you to always create new messages, making it more difficult for automatic systems to recognize them as dangerous.
How to recognize fake sites and defend themselves from summer scams
During the summer holidays, the online behavior of users becomes more uniform and predictable. Reservations, confirmations, communications with hosts and support requests intensify, offering attackers a huge amount of data on which to build credible baits. And while many, with the approach of the holidays, lower their guard, the criminals work intensely to take advantage of moments of carelessness and relaxation of potential victims. That’s why we invite you to Limit the risks related to summer online scams following the suggestions provided by the experts of Check pointwhich we summarize below.
- Carefully check the URL of the websites: Scammers often use domains similar to legitimate ones, with the addition of small variations (for example, .Today, .info,. Site) or imperceptible spelling errors (such as B00king.com or Airbmb.com). A URL with spelling errors, anomalous symbols or unofficial domains must always be considered as suspicion.
- Book only from official sources: Make the address of the site manually in the browser bar or use the official apps provided by the latter. Never click on links received by e-mail or message if you are not sure of their origin.
- Activate authentication to multiple factors (MFA): This system adds an additional level of verification that protects you if your passwords should end up in the wrong hands.
- Use a VPN on public networks: If you really have to connect to a public Wi-Fi present at the airport or in the hotel, do it by taking advantage of a Virtual Private Networkwho encrypts the data transmitted, protecting you from possible interceptions.
- Install security software: Antivirus and anti-Malware solutions that control and block suspicious behavior in real time, both on PC and on smartphones, they can make a difference.
