Connect with us

Hacker News

New Amazon Email Scam Targets Christmas Shoppers

Hacker News Malware

Emotet Malware Makes a Comeback with Fresh Attacks After Three Months of Silence

Hacker News Vulnerability

Lazarus Group Found Exploiting Zero-Day Vulnerabilities in Latest Cyber Attack

Hacker News

Chinese hackers develop new custom backdoor to evade detection

Hacker News

Hackers are exploiting vulnerabilities in containerized environments

Hacker News

Play Ransomware Group Brags About Disruptive Attack on City of Oakland

Hacker News

Chinese State-Sponsored Hacking Group APT31 Targets European Organizations

Hacker News Vulnerability

Researchers Uncover New Security Vulnerabilities in TPM 2.0 Library

Data Breaches Hacker News

Dark Web Marketplace Bidencash Leaks 2 Million Stolen Credit Cards for Free

Hacker News

White Hat Hacking Does Pay: Pwn2Own Shells Out 980,000 in Rewards

Hacker News

New Amazon Email Scam Targets Christmas Shoppers

Published

4 years ago

on

New Amazon Email Scam Targets Christmas Shoppers

The Christmas period tends to be hit with various malicious spam and phishing campaigns, and this year is no exception. Attackers try to exploit shoppers who are ramping up their spending for the period, purchasing gifts for friends and family. Not only are people spending more money at this time of year, but shoppers are often less vigilant. When buying from so many different places, it can be hard to keep track and perform checks on websites.

EdgeWave, an email security company, discovered a new malspam (malicious spam) campaign in which attackers are sending emails masquerading as Amazon order confirmations. The emails look very convincing, leading many victims to believe they are legitimate.

New Amazon Email Scam Targets Christmas Shoppers

The malicious order confirmations are being sent with various subject lines, including “Your Amazon.com Order”, “Amazon order details”, and “Your order 162-2672000-0034071 has shipped”.

When the victim opens the email, they are shown an order confirmation that states that their item has been shipped, but doesn’t include information normally present in Amazon confirmation emails such as what items were ordered as well as tracking information.

The email includes an “Order Details” button wherein users can click to find out more information about the order. However, when the user clicks on the button, it downloads a Word document named order_details.doc.

 

When the document opens, users are hit with a message saying that they need to “Enable Content” in order to view the document properly.

If the user does click the button, macros will be triggered that execute a PowerShell command. The PowerShell command is responsible for downloading and executing the Emotet banking Trojan on the victim’s computer.

The Trojan runs silently in the background of the computer, logging keystrokes, and stealing account information.

Users are reminded to pay close attention to their emails and if there are any suspicions, shoppers can always log into the Amazon website to check their order details.

Related Topics:

Experienced British technology journalist and online reporter

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *