Fake malware-laden Amazon emails target UK, US shoppers

As the holiday season slowly approaches, and users increasingly turn to the Internet to do their holiday shopping before the seasonal madness begins, cyber crooks are trying to take advantage of the fact.

According to AppRiver researchers, two distinct malware delivery campaigns impersonating e-commerce giant Amazon are currently hitting inboxes.

The first one is directed at UK users, and the company has already quarantined over 600,000 of these messages. The malicious email takes the form of a delivery confirmation message and carries a Word document that supposedly contains the needed information.

Unfortunately for those who open the file and have macros enabled in Word, the action triggers the installation of a Trojan dropper that downloads additional malware aimed at harvesting login credentials for various online services, including online banking.

The second campaign comes in the form of an order confirmation from Amazon.com (click on the screenshot to enlarge it):

“These email have a bit more of a legitimate look as they utilize actual graphics taken from Amazon,” Troy Gill, manager of security research at AppRiver, pointed out. Also, this campaign is less intense than the first one – the company has blocked “only” about 160,000 messages so far.

The supposed invoice file attached is actually a Trojan dropper that will download additional malware once the host is infected.

“This is a very popular time of the year for these types of scams with so many people in shopping mode in preparation for the holidays. With many people expecting purchase confirmations and shipping confirmations with much more frequency, it increases the likelihood that people will far for this scam,” says Gill.

“Be extra cautious this holiday shopping season and if you are suspicious of unauthorized activity on your Amazon account, never follow the link in an email such as this, go directly to the website and check your account from there,” he advised.