Phishing Scam on Amazon Order Confirmation

Now-a-days people might receive emails that claim to be from Amazon, the e-commerce giant, but actually are fake emails. The major issue with these spoof emails or phishing emails is they all look so original like the real email. So whoever buys products from Amazon, should now heed caution about the order confirmation emails, as EdgeWave reportedly found a highly sophisticated new malspam campaign sending false order confirmation messages of Amazon.

The email recipient often fall victim to these emails as the messages seems quite convincing and have subject line such as - "Your order 162-2672000-0034071 has shipped", "Your Amazon.com order", and "Amazon order details".

As per BleepingComputer, "when you open these emails, you will be shown an order confirmation that states your item has shipped, but without any details regarding what was ordered or tracking information. It then tells the recipient to click on the Order Details button in order to see more information".

The recipient does not suspect any danger as the email look like the real email and click on the Order Details button link, as they think that they are downloading the word document containing the details about their orders (as the name of the document is also order_details.doc). Once the recipient clicks the link, then he/she has been instructed to "Enable Content" in order to view the order information properly. However, the reality is as soon as the recipient enable content, it triggers the macros that executes PowerShell command, which reportedly downloaded and executed Emotet banking Trojan.

The Emotet Trojan primarily spread by spam emails (malspam), and the infection generally arrives either via macro-enabled document files, malicious script, or malicious link. Security researchers in the year 2014 identified Emotet banking Trojan for the very first time. Emotet designed originally as banking malware which tries to sneak in your computer, and then steal private and sensitive information. Later versions of this software saw addition of spamming as well as malware delivery services - that includes other banking Trojans.

The Emotet uses its worm-like capabilities to spread onto the other connected computers, in order to distribute the malware. Department of Homeland Security due to this functionality of Emotet concludes that it is actually one of the costliest and destructive malware, which is affecting the private and government sectors, organizations and individuals.

» SPAMfighter News - 1/10/2019