There is a large number of sites that referred users to sites that are actually not real.
Researchers found that in recent months many sites built utilizing the WordPress platform have been hacked with malicious code that directed users to fake support sites and actually allowed the attackers to take over the sites.
The code itself was inserted not through WordPress itself, which means that it does not take advantage of one or another failure on the platform, but rather outdated plugins and themes, and exploits their low level of security. The code is inserted into the site’s PHP and in effect gives control to the attackers.
The surfers in those sites that are actually harmed are transferred to the sites that are presented as technical support, and the attackers can also attack surfers and break into their computers.
Among the sites that were damaged are also the site of the familiar Expedia Group. You can perform a Google search to see the affected sites.