Close this search box.

Expedia Phishing Attempts

Vivian Lee

As the season gets warmer, travel season gets bigger. We look for reputable websites and try to book flights, cars, and hotels as quickly and safely as possible. However, as much as we try to avoid scams, scammers search us out.  For example, there have been reports of credit card phishing from Expedia.

How Expedia Works

Expedia, in simple terms, works as a middleman between a customer and a travel service (like flights and hotels). When you book a hotel through sites like Expedia, the site will have an inventory integration that accesses real-time availability and rates for rooms. This allows you to search for and book a room with little to no delay. Once the hotel’s reservation system confirms a reservation, it sends a notification of the confirmation to both the hotel and the customer. When it comes to payment, travel sites typically collect payment from the customer at the time of booking. The travel site then disburses the payment to the hotel, minus any commission or fees retained by the site.

This also means there are many opportunities for the systems to be hacked.

How the Expedia Phishing Works

In recent Expedia phishing attempts, hackers have compromised hotels and are sending messages to customers through Expedia’s platform. The messages typically state, “Due to recent updates to our booking policy, we need additional confirmation of your payment method” or “Your reservation may be canceled due to an error during verification of your payment method.” They’ll also state you have a deadline (typically 24 hours) to send the information or risk your reservation being canceled. As you can see in the images below, the messages come through the Expedia platform and a link is then provided.

Clicking the link will take you to a copycat site that requests your credit card information. At this point, if you’ve filled out your card information and send it out, you should probably call your bank and cancel the card immediately.

How Do I Know Its an Expedia Phishing Attempt?

Speaking with an Expedia customer service agent, they will confirm that, from their end, the messages you receive are coming directly from the hotel you’ve made reservations at. Looking at the messages, they may also have the dates of your booking, your full name, and even your itinerary number. These scammers will take every opportunity to add reputable details to gain your trust. However, here are some red flags to search for:

Initial Expedia Phishing Message

Keep an eye out for strange fonts or wording. As you can see from the image below, there will be slight inconsistencies in the font. While grammatical or wording errors are less likely now due to the rise in free public AI generators, they are not impossible.

Notice the height inconsistencies of the same letter and to the letters surrounding them. Zooming in, you’ll find the fonts of the letters are similar, but different, causing the height difference.

Pending Deadline

This phishing attempt is specifically targeting your urgency and fear about your hotel booking to steal your credit card. By claiming there is a deadline, they don’t give you the time to stop and process the information before acting.

The Expedia Phishing Link

As shown in the picture below, the link provided takes you to an “expedia-eu.req-****.com” site. The real Expedia website will not use the additional text.

Website Details

  • Support Chat
    • As you can see in Image 1, the support chat automatically pops up and reiterates what the initial message said. It then claims your card will be refunded a random amount to confirm payment. However, as shown in Image 4 of the official Expedia app, the help agent icons are completely different. When clicking the help agent, you should also be first connected to a virtual agent with commonly asked questions options.
    • Additionally, on the real chat support shown above, you can see the chat will be labeled “Virtual Agent” with the Expedia logo, whereas the fake one below is labeled “Support Chat”.
  • Currency
    • If the currency does not match your local currency. In this case, this should have been US dollars, but the website uses Euros (Image 2).
  • Who’s Checking In?
    • It does not list your room information (i.e. how many adults/children, what size bed(s), smoking/non-smoking) (Image 5)
    • No asterisks on required information.
    • No dropdown with your saved traveler profile information.
  • Payment Method
    • No asterisks on required information.
    • The card number does not have any indication that it is a secured server.
    • It lists “Card number” rather than “Debit/Credit card number”. (Image 3)
    • It does not request the expiration date with a drop down menu. (Image 6)
    • It does not ask if you’d like to remember the card for future use.
  • Confirmation Email
    • The Expedia website should send any confirmation details to your account. This means you should not have to list your email since it is already connected to your account.

What Should I do?

First, its HIGHLY recommended to NOT click any links. Contact your helpdesk agent from the official website. Go to Google and search for Expedia just to be sure. If your agent confirms the message is from your hotel (at least from what they can see), try to contact your hotel directly by calling them. If you’re unable to get in touch with them, contact Expedia and request they contact your hotel for you.

Most likely, your hotel and Expedia will tell you to not take any action if you have not clicked any links or filled out any information. They will confirm your reservation and send you another email confirmation with your itinerary info (i.e. date of stay, check-in and check-out time, confirmation number, etc.).

If you have mistakenly sent your credit card information through, contact your bank and cancel your card immediately. Then, contact Expedia and report the phishing attempt.

To wrap up, if you are planning on traveling anytime soon, make sure you’re contacting your hotels directly if you get any suspicious messages, even if they’re from Expedia.

New Resources In Your Inbox

Get our latest cybersecurity resources, content, tips and trends.

Other resources that might be of interest to you.

What is a Chief Resilience Officer? (And What Do They Do?)

We can’t stress enough to our clients that it’s not a matter of if but when they’ll face a cyberattack. It’s not just large companies that face threats—small and medium companies face risks too. Smaller organizations often lack staff and security resou
Avatar photo
Conor Quinlan
>>Read More

2024 Cyber Resolutions

New Year New Cyber Resolutions As we step into the 2024, we start setting resolutions for personal growth and well-being, as we do every year. However, this year, let’s broaden our commitment beyond just personal goals. Drawing parallels between indivi
Vivian Lee
>>Read More

Recent Tech Layoffs Sharply Increase Insider Cybersecurity Threat

Video Overview As Layoffs Abound, HR and IT Teams Must Collaborate to Deter Insider Cyber Threats Airiam, a managed IT and cybersecurity company with a strong focus on cyber resilience, today revealed an increased risk of insider cybersecurity breaches
Avatar photo
Bill Bowman
>>Read More