Spam Campaigns with Malware Impersonating Amazon Targets Netizens

Grahamcluley.com reported on 8th October, 2015 stating that a spam email containing malware is on the roll claiming to be from e-retail giant Amazon.

The email with the subject line "Your Amazon.com order confirmation for <email address>" tries to trick you to think that your credit card has been used without authorization to purchase goods (a 16GB iPhone in this case) on the website of Amazon.

If you closely look at the email, you might notice that they call it an Iphone instead of an iPhone and a genuine email regarding an Amazon order would contain the postal address for the delivery of the goods.

But this email contains an attachment especially a Word document laced with a malware which is an indication that this email is a fake one.

Therefore, don't get worried, if you receive an email informing you that your credit card has been charged for an item which you never purchased.

Rather, you should look for clues that the email may not be genuine. Unexpected attachments are one of the clues.

Moreover, you should be careful while clicking on links in unsolicited emails because they might take you to a phishing page or a website containing malware. In this particular case, the bogus email does link to the real Amazon website but the danger lies in clicking the attached .DOC file.

Unfortunately, this is not the first time that Amazon's name has been linked with a spam email campaign containing malware.

Security experts noted that almost at the same time in October 2014, customers of Amazon in UK were alerted about a malicious spam campaign that was reportedly hitting their inbox with notifications from the online retailer (Amazon).

The messages were apparently fitted with a tainted attachment in the form of a Microsoft Word document which led to hijacking their computer. The document had macro instructions that continued to download a piece of malware. Macros are scraps of VBA code which come in useful for automating repeatedly used tasks; but, they also carry a security risk due to which they are deactivated by default in Microsoft Office software solutions.

» SPAMfighter News - 10/14/2015