Debunking email hoaxes and exposing Internet scams since 2003!







Expedia Travel Itinerary Malware Email

Outline
Email purporting to be a trip itinerary from travel booking service Expedia.com.au provides details for a recently booked trip and claims that recipients can view trip details in an attached file.




Brief Analysis
The email is not from Expedia. The attachment is a .zip file that hides a .exe file disguised as a PDF. Opening the .exe file can install malware on the user's computer. If you receive one of these emails, do not open any attachments or click any links that it contains.

Example

Subject: Your Trip Details Lancaster Gate Hotel, London - 29/08/2013

Hi,

Thanks for booking with Expedia! Below is a summary of the trip you recently booked.

To help ensure everything runs as smoothly as possible, keep this email handy so you can refer to it when you check in as it contains all the essential information you'll need.

If you're travelling internationally, don't forget to check the visa requirements for your end destination and any countries you're travelling through during your trip.

Expedia Itinerary Number(s)

See trip details below or Attached



Detailed Analysis


An email currently being distributed masquerades as a trip itinerary and booking advice from travel booking service Expedia.com.au.  The email informs recipients of a recent travel booking they have made and suggests that they can view details of the supposed trip by opening an attached file.  The message comes complete with the Expedia logo and colour scheme.

However, the email is not from Expedia.com.au and the attachment does not contain trip details as claimed. In fact, the message is sent by online criminals intent on tricking recipients into installing malware on their computers.

The criminals bank on the fact that at least some recipients, panicked by the thought that their credit card has been used to book an expensive trip in their name, will open the attachment and corresponding .exe file without due care.  People who have recently booked a trip with the company may also be more likely to fall for the ruse and open the attached file.

Those who do open the attachment will see what at first glance might seem to be an innocent PDF. If the message were genuine, a .pdf would probably be the expected file format.  However, the malicious file actually has a double extension (.pdf.exe) and opening this .exe file will install the malware.  Typically, such malware can steal sensitive information from the compromised computer and send it to remote servers. It can also download even more malware and allow criminals to control the computer from afar.
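A mail filter can flag this kind of attachment before a user opens it. The following Python sketch is an added example, not part of the original article: it reports attachments, and entries inside .zip attachments, whose names end in a document extension followed by an executable one. The extension lists, function names, file names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed lists: extensions Windows will run, and document-like decoys.
EXECUTABLE = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}
DECOY = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}

def is_disguised(name):
    """True for names such as 'itinerary.pdf.exe' (decoy then executable)."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].lower()
    # Strip padding spaces, which are sometimes used to push '.exe' out of view.
    parts = [p.strip() for p in base.split(".")]
    return len(parts) >= 3 and parts[-1] in EXECUTABLE and parts[-2] in DECOY

def scan_email(raw):
    """Return (attachment, member) pairs that name disguised executables."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        if is_disguised(fname):
            findings.append((fname, fname))
        payload = part.get_payload(decode=True) or b""
        if zipfile.is_zipfile(io.BytesIO(payload)):
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                findings += [(fname, m) for m in zf.namelist() if is_disguised(m)]
    return findings

def build_sample():
    """Constructed sample: a zip attachment holding a harmless 'pdf.exe' entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Expedia_Itinerary.pdf.exe", b"placeholder, not a program")
        zf.writestr("readme.txt", b"benign entry")
    msg = EmailMessage()
    msg["Subject"] = "Your Trip Details (constructed sample)"
    msg.set_content("See trip details below or Attached")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Itinerary.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for attachment, member in scan_email(build_sample()):
        print(f"disguised executable: {member} (in {attachment})")
```

The check reads only file names, so it does not execute or unpack anything; encrypted archives still expose their member names to `namelist()`.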

During the last several years, similar "Itinerary" malware emails have claimed to be from various other travel-related entities including Jetstar, Delta Airlines and American Airlines. If you receive any unsolicited and unexpected email claiming to contain travel booking information, do not open any attachments or click on any links that it contains.


Last updated: July 9, 2013
First published: July 9, 2013
By Brett M. Christensen

References
Jetstar 'Flight Itinerary' Malware Email
Delta Air Lines Passenger Itinerary Receipt Malware Emails
American Airlines Flight Ticket Order Malware Emails