Fake Expedia Email Harbors Malware
Cybercriminals have found an 'expedient' new way to trick you into downloading their malware: a fake email purporting to be from the travel-booking website Expedia.com.
A new phishing scam, discovered by security blog Hoax-Slayer, tries to get people to install malware onto their computers by hiding it in an email that claims to contain an itinerary for a recently booked travel plan.
The email does a pretty good job of looking legitimate, even using the Expedia logo and color scheme. However, the address the email is sent from does not use the domain of Expedia's official site, which is expedia.com.au.
The file attached to the email is a .zip, a type of archive file that bundles together several smaller files. If users download that file and "unzip" it to view its contents, they'll see a file that looks like a PDF, that is, like it has the file extension .pdf. But the ".pdf" is just part of the file's name — with the actual extension, it looks something like itinerary.pdf.exe.
This is a fairly old and insidiously simple trick; because periods are allowed in file names, it's easy to name a file so that it looks at first glance like it has a different file extension. Executable files are programs that run on your computer, and most malware programs come as .exe files.
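A defender's check for the double-extension disguise described above, as an added example that is not part of the original article: it lists the members of a .zip attachment without extracting them and flags names such as itinerary.pdf.exe. The extension lists and the sample archive are assumptions constructed for the illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed lists for this example; extend them to match local policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def is_disguised_executable(name: str) -> bool:
    """True if the real (last) extension is executable and the one before it is a document type."""
    suffixes = [s.lower() for s in PurePosixPath(name.strip()).suffixes]
    return (len(suffixes) >= 2
            and suffixes[-1] in EXECUTABLE_EXTS
            and suffixes[-2] in DECOY_EXTS)


def scan_zip(data: bytes) -> list[str]:
    """Return archive member names that use the double-extension disguise.

    Only the archive's file listing is read; nothing is extracted or executed.
    """
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        return [info.filename for info in archive.infolist()
                if not info.is_dir() and is_disguised_executable(info.filename)]


def build_sample_zip() -> bytes:
    """Constructed sample attachment: harmless placeholder bytes, no real malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("itinerary.pdf.exe", b"placeholder")     # disguised
        archive.writestr("receipt.pdf", b"placeholder")           # genuine document name
        archive.writestr("docs/setup.exe", b"placeholder")        # executable, but not disguised
        archive.writestr("docs/Booking.PDF.EXE", b"placeholder")  # disguised, upper case
    return buf.getvalue()


if __name__ == "__main__":
    for member in scan_zip(build_sample_zip()):
        print("disguised executable:", member)
```

The check compares only the last two extensions, so an openly named executable such as setup.exe is left for other attachment policies to handle.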
Once downloaded, the malicious program that was attached to the fake Expedia email searches for and gathers confidential information stored on the infected computer; the malware then connects that computer to a remote server operated by the cybercriminals.
This type of server, called a "command-and-control server," can then send commands to the infected computer via the malware program, and even install more malware onto the machine.
In using Expedia as the hook to get people to read the email and download the malware, the criminals aren't just targeting travelers. If you saw an Expedia email, but you hadn't booked a flight, you might think someone had stolen your credit card data, and you might click on the email to try to figure out what was happening.
Malware scams disguised as itineraries are fairly common, and similar attempts have circulated in recent years, with hackers masquerading as companies like Jetstar, Delta Airlines, American Airlines and more.