Amazon Shipping update email contains malware

Graham Cluley
@gcluley

Waiting for a delivery from Amazon.com? Well, be careful if you receive a notification in your email – as it could be that hackers are trying to trick you into infecting your computer.

We’re intercepting a wave of forged emails which claim to come from order-update@amazon.com, but unlike regular emails from the dot com giant they have a malicious file attached designed to run a Trojan horse on your computer.

In a seeming attempt to entice users to open the dangerous attachment, the emails have embedded inside them an image of a familiar half-opened Amazon branded package.

The emails have the following characteristics:

Subject:
Shipping update for your Amazon.com order 254-71546325-658732

Message body:
Shipping update for your Amazon.com order 254-78546325-658742

“[Image of Amazon package]

Please check the attachment and confirm your shipping…

Read more in my article on the Naked Security website.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.