Don’t open!

Although so many hackers choose to attack innocent computer users via websites today, that doesn’t mean that malware spread via email attachment is dead.

Take this example, for instance, which we have seen in large numbers in our spamtraps today. The emails, which have the subject “Worldpay CARD transaction Confirmation”, claim that you have made an order with Amazon, and that a record of your payment is included in the attached file – called

Email claiming to be Amazon invoice via Worldpay

Of course, opening the attached file is a very bad idea indeed.

Sign up to our free newsletter.
Security news, advice, and tips.

Sophos users are protected against the Trojan horse proactively as it is detected as Mal/WaledPak-A; with our products providing detection of this malware at the email gateway and at the desktop. In addition, the emails are stopped as spam by our anti-spam solutions.

However, users of products from other security vendors would be wise to check that their products are properly protecting against this latest attack wave.

Worldpay malicious email list

It wouldn’t be surprising if some people did open the malicious attached file, concerned that they were being billed for a purchase they hadn’t made. This is a trick that the bad guys have been using for years. Take a look at this example from last month, for instance.

Hackers know if you think that your credit card has been debited without your permission that you’re more likely to click on an attachment without thinking about the possible consequences. Don’t make life easy for them – think before you click.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.