Cyber threats have been dogging the tourism scene lately. Group-IB’s Cybercrime Trends 2025 report casually points out that travel and tourism is the go-to playground for cyber crooks. They note a bunch of common scams—from investment fraud and bogus romance schemes to fake delivery services, tech support scams, and even lottery rip-offs.
In 2024, over 200,000 fraudulent online resources were flagged—a 22% jump—with nearly 39% of those scams zeroing in on tourism. Phishing, for its part, still looms large as a means for hackers to obtain sensitive data through various unpredictable methods.
In that same year, 80,000 phishing websites surfaced, another 22% increase compared to the year before. These sites copy the look of trusted services and big-name brands—fooling consumers and professionals alike, almost as if by design. Not too long ago, Microsoft even raised an alarm, pointing out a scheme where hackers posed as Booking.com to mislead hotel owners.
Europe, for one, finds itself in the crosshairs. As the holiday season creeps up, phishing attempts become noticeably more frequent. Generally speaking, the old continent reported that 57.6% of phishing attacks last year were aimed at travel-related targets. That is, more than half of the phishing sites identified in 2024 had connections with tourism.
What’s even more interesting is the regional contrast. Latin America, where approximately 40.9% of phishing attempts target tourism, along with Europe—the only region showing such marked vulnerability—stands out from areas like North America, the Asia Pacific, the Middle East, and Africa, where tourism isn’t among the top five targets.
Adding to the mix, the report highlights a trend that gives everyone pause: cybercriminals are increasingly turning to AI-generated deepfakes to imitate identities and slip past security measures, making it ever easier to access private data.