AppRiver Spotted Two Separate Phishing Campaigns Impersonating Amazon

Web and email security researchers of AppRiver have intercepted two types of phishing emails targeting innocent customers of the e-commerce giant Amazon and both contain Trojan malware which collect email credentials, banking login details and social media information.

The first campaign impersonated as notifications from Amazon.co.uk entitled: Your Amazon Order Has Dispatched (#3digits-7digits-7digits). These messages emulated as notifications about order shipment.

AppRiver said that these messages started hitting its filters on Halloween and have been hitting constantly since then. 600,000 messages out of them were successfully quarantined and each message embraces a Word Document containing a malicious macro and if it is allowed to run, the Macro installs a Trojan dropper.

In a separate email blast, another criminal is distributing tainted emails posing as confirmation emails from Amazon. The company found total 160,000 malicious messages in this case.

There may be some differences in the emails like subject line and way of infection however the ultimate goal remains the same, installing malware.

The message looks more authentic because of inclusion of official logo of Amazon.

Softpedia.com published a report on 8th November, 2014 quoting Troy Gill, Senior Security Analyst of AppRiver, as saying "Instead of a tainted attachment, these messages use links to compromised sites of Wordpress. If you click on these links, a .scr file known as invoice1104.pdf(dot)scr will be downloaded and the executable is also a computer Trojan dropper with the unchanged functionality of adding and installing malware on the machine."

The downloaded file does not have the regular document (Word,PDF) but it has the SCR extension which should alert the recipient and stop him from launching it.

This is a very good time of the year for these kinds of scams because many people are in shopping mood to prepare for holidays. As many Internauts anticipating purchase confirmations and frequent shipping confirmations, it increases the probability that they will distant from this scam. AppRiver advises shoppers to be extra careful during this holiday season and suggests the people to never follow any embedded URL just like the above one and inform straight to the site and check account form there in case of any suspicious unauthorized activity on your Amazon account.

» SPAMfighter News - 11/17/2014