Fake Expedia Itinerary Confirmations Deliver Malware

eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Hoax-Slayer is warning of malicious spam campaign of e-mails claiming to be itinerary confirmations from Expedia, offering trip details in an attachment (h/t Softpedia).

“Thanks for booking with Expedia! Below is a summary of the trip you recently booked,” the e-mail states. “To help ensure everything runs as smoothly as possible, keep this e-mail handy so you can refer to it when you check in as it contains all the essential information you’ll need.”

The attached ZIP file, according to Hoax-Slayer, contains an .exe file disguised as a PDF. The .exe file installs malware capable of stealing sensitive information from the infected computer and sending it to a remote server.

“If your receive any unsolicited and unexpected email claiming to contain travel booking information, do not open any attachments or click on any links that it contains,” Hoax-Slayer advises.

Get the Free Cybersecurity Newsletter

Strengthen your organization’s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices.

Jeff Goldman Avatar

Subscribe to Cybersecurity Insider

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.




Top Cybersecurity Companies

Top 10 Cybersecurity Companies

See full list

Get the Free Newsletter!

Subscribe to Cybersecurity Insider for top news, trends & analysis