Expedia.com is the latest legitimate company that cyber-criminals are using in order to trick you into downloading their malware.

The latest phising scam was brought to light by the Hoax-Slayer security blog , and works the same way as most phishing scams; attempting to get people to install the malware by hiding it in a seemingly legitimate looking email, in this case it happens to be a travel itinerary from Expedia.com.

Hoax-Slayer security blog stresses that the email is not from Expedia. The attachment is a .zip file that hides a .exe file disguised as a PDF. Opening the .exe file can install malware on the user's computer. If you receive one of these emails, do not open any attachments or click any links that it contains.



An email currently being distributed masquerades as a trip itinerary and booking advice from travel booking service Expedia.com.au. The email informs recipients of a recent travel booking they have made and suggests that they can view details of the supposed trip by opening an attached file. The message comes complete with the Expedia logo and color scheme.

However, the email is not from Expedia.com.au and the attachment does not contain trip details as claimed. In fact, the message is sent by online criminals’ intent on tricking recipients into installing malware on their computers.

The criminals bank on the fact that at least some recipients, panicked by the thought that their credit card has been used to book an expensive trip in their name, will open the attachment and corresponding .exe file without due care. People who have recently booked a trip with the company may also be more likely to fall for the ruse and open the attached file.

Typically, such malware can steal sensitive information from the compromised computer and send it to remote servers. It can also download even more malware and allow criminals to control the computer from afar.