Debunking email hoaxes and exposing Internet scams since 2003!


Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider
Bookmark and Share









Issue 158 - July, 2013 (2nd Edition) - Page 13

Expedia Travel Itinerary Malware Email

Issue 158 Start Menu

Previous Article            Next Article

Outline
Email purporting to be a trip itinerary from travel booking service Expedia.com.au provides details for a recently booked trip and claims that recipients can view trip details in an attached file.

Booking

© Depositphotos.com/ La Fabrika Pixel s.l.



Brief Analysis
The email is not from Expedia. The attachment is a .zip file that hides a .exe file disguised as a PDF. Opening the .exe file can install malware on the user's computer. If you receive one of these emails, do not open any attachments or click any links that it contains.

Bookmark and Share
Example

Subject: Your Trip Details Lancaster Gate Hotel, London - 29/08/2013

Hi,

Thanks for booking with Expedia! Below is a summary of the trip you recently booked.

To help ensure everything runs as smoothly as possible, keep this email handy so you can refer to it when you check in as it contains all the essential information you'll need.

If you're travelling internationally, don't forget to check the visa requirements for your end destination and any countries you're travelling through during your trip.

Expedia Itinerary Number(s)

See trip details below or Attached

Expedia Malware


Detailed Analysis


An email currently being distributed masquerades as a trip itinerary and booking advice from travel booking service Expedia.com.au.  The email informs recipients of a recent travel booking they have made and suggests that they can view details of the supposed trip by opening an attached file.  The message comes complete with the Expedia logo and colour scheme.

However, the email is not from Expedia.com.au and the attachment does not contain trip details as claimed. In fact, the message is sent by online criminals intent on tricking recipients into installing malware on their computers.

The criminals bank on the fact that at least some recipients, panicked by the thought that their credit card has been used to book an expensive trip in their name, will open the attachment and corresponding .exe file without due care.  People who have recently booked a trip with the company may also be more likely to fall for the ruse and open the attached file.

Those who do open the attachment will see what at first glance might seem to be an innocent PDF. If the message were genuine, a .pdf would probably be the expected file format.  However, the malicious file actually has a double extension (.pdf.exe) and opening this .exe file will install the malware.  Typically, such malware can steal sensitive information from the compromised computer and send it to remote servers. It can also download even more malware and allow criminals to control the computer from afar.

During the last several years, similar "Itinerary" malware emails have claimed to be from various other travel related entities including Jetstar, Delta Airlines and American Airlines. If your receive any unsolicited and unexpected email claiming to contain travel booking information, do not open any attachments or click on any links that it contains.

Bookmark and Share

Last updated: July 9, 2013
First published: July 9, 2013
By Brett M. Christensen
About Hoax-Slayer

References
Jetstar 'Flight Itinerary' Malware Email
Delta Air Lines Passenger Itinerary Receipt Malware Emails
American Airlines Flight Ticket Order Malware Emails



Previous Article            Next Article

Issue 158 Start Menu

Pages in this issue:
  1. Capri Sun Mold Warning
  2. False Child Abduction Alert - 'Lilly Snatched From Surrey'
  3. Gas Saving Tips - Are They Really Saving You Anything?
  4. China Food Imports - Is It Really That Simple?
  5. Jury Duty Phone Scam Warning
  6. Myth - Ice Water Can Cause Dangerous Bloating in DogsD
  7. Amazon 'Important Message From Security Center' Phishing Scam
  8. Hoax: Facebook to Start Charging This Summer
  9. Kmart Australia Giveaway Like-Farming Scam
  10. Do Water Filled Zip-Lock Bags with Added Pennies Keep Flies Away?
  11. Photos of Old Car Collection Found in Portugal Barn
  12. Faux Image - Mounted Police Officer Riding Giant Dog
  13. Expedia Travel Itinerary Malware Email
  14. 'Google Account Hacked' Text Message Scam
  15. Completely Pointless and Misleading 'Facebook Privacy Notice'
  16. Hoax - Pope Benedict XVI Resigned Papacy to Convert to Islam
  17. Wonga.com 'Account Error' Phishing Scam
  18. Hoax Warning Claims Deadly Swine Flu Epidemic in South Africa
  19. Australian Government Withdrawing Funds From Inactive Accounts Warning
  20. 'Facebook Has Sent You a Message' Pharmacy Spam
  21. Pepsi Cola Bottling Company 'Grant Compensation' Advance Fee Scam
  22. Does a Viral Image Depict a Monkey Saving a Puppy From An Explosion?
  23. Advance Fee Scammers Using Cloned FB Accounts To Gain Victims
  24. South African 'Mighty Men' Conferences Racial Integration Hoax
  25. Did Samsung Pay a $1 Billion Fine to Apple in 5 Cent Coins?
  26. Browser and Operating System Survey Scam
  27. Circulating Message Falsely Accuses Pictured Man of Being a Human Trafficker