Expedia Travel Itinerary Malware Email
Email purporting to be a trip itinerary from travel booking service Expedia.com.au provides details for a recently booked trip and claims that recipients can view trip details in an attached file.
© Depositphotos.com/ La Fabrika Pixel s.l.
The email is not from Expedia. The attachment is a .zip file that hides a .exe file disguised as a PDF. Opening the .exe file can install malware on the user's computer. If you receive one of these emails, do not open any attachments or click any links that it contains.
Subject: Your Trip Details Lancaster Gate Hotel, London - 29/08/2013
Thanks for booking with Expedia! Below is a summary of the trip you recently booked.
To help ensure everything runs as smoothly as possible, keep this email handy so you can refer to it when you check in as it contains all the essential information you'll need.
If you're travelling internationally, don't forget to check the visa requirements for your end destination and any countries you're travelling through during your trip.
Expedia Itinerary Number(s)
See trip details below or Attached
An email currently being distributed masquerades as a trip itinerary and booking advice from travel booking service Expedia.com.au. The email informs recipients of a recent travel booking they have made and suggests that they can view details of the supposed trip by opening an attached file. The message comes complete with the Expedia logo and colour scheme.
However, the email is not from Expedia.com.au and the attachment does not contain trip details as claimed. In fact, the message is sent by online criminals intent on tricking recipients into installing malware on their computers.
The criminals bank on the fact that at least some recipients, panicked by the thought that their credit card has been used to book an expensive trip in their name, will open the attachment and corresponding .exe file without due care. People who have recently booked a trip with the company may also be more likely to fall for the ruse and open the attached file.
Those who do open the attachment will see what at first glance might seem to be an innocent PDF. If the message were genuine, a .pdf would probably be the expected file format. However, the malicious file actually has a double extension (.pdf.exe) and opening this .exe file will install the malware. Typically, such malware can steal sensitive information from the compromised computer and send it to remote servers. It can also download even more malware and allow criminals to control the computer from afar.
During the last several years, similar "Itinerary" malware emails have claimed to be from various other travel related entities including Jetstar
, Delta Airlines
and American Airlines
. If your receive any unsolicited and unexpected email claiming to contain travel booking information, do not open any attachments or click on any links that it contains.
Last updated: July 9, 2013
First published: July 9, 2013
By Brett M. Christensen