Fake Amazon smartphone shipping confirmation leads to malware

The gift-giving holidays are almost over, but shopping online is an all-year-round activity for many users and they are often warned to be careful when indulging in it.

According to Hoax-Slayer, Amazon customers are currently being targeted with fake emails purportedly coming from the e-commerce giant, confirming the purchase and the shipping of a Sprint HTC Evo 4g Android Cell Phone which is supposedly just a portion of the order.

“You have only been charged for the items sent in this shipment. Per our policy, you only pay for items when we ship them to you,” it says in the email.

The statement would not create havoc in the mind of someone who has bought this item, but random users are sure to be worried about the fact that they have been charged for something they did not order and are likely to believe that cyber crooks have somehow managed to use their credit card to effect the purchase.

Unfortunately, clicking on links offered in the email in order to get to the bottom of this can only end in disaster. The users are taken to legitimate but compromised sites that host the BlackHole exploit kit, which takes advantage of security flaws present on their Windows computers to deliver a variant of Cridex, an information-stealing piece of malware that also opens a backdoor to the affected system and downloads further malware.

Users are advised to be careful when evaluating emails such as this one and to remember that clicking on links contained in unsolicited messages is always a bad idea.




Share this