Thursday 8 October 2015

Amazon iPhone order email has malware attached

Watch out folks - malware has been spammed out in an email claiming to come from Amazon.

The email, which has a subject line of "Your Amazon.com order confirmation for <email address>", tries to trick you into thinking that your credit card has been used without authorization to purchase goods on the Amazon website.

Part of the email reads:

Hello,
Thank you for shopping with us. You ordered "Apple I phone 6, Silver, 16 GB (Unlocked)".

We’ll send a confirmation when your items ship.

Details

Your credit card has been successfully charged for the total amount.

Please find attached the billing confirmation receipt.

If you're paying close attention you might notice that they call it an I phone rather than an iPhone, and that a genuine email regarding an Amazon order would contain the postal address that you wanted your goods delivered to.

But the real giveaway that this email is up to no good should be that it comes complete with an attachment - specifically a Word document.

In the example I was sent by a reader, the attachment was a Microsoft Word document called amazon_invoice_991773782.doc.

What the fraudsters are attempting to do is trick you into opening the attached file, which comes booby-trapped with a Trojan horse (you can see what various anti-virus products identify it as via this Virus Total report - in the last 18 hours or so, many anti-virus products appear to have been updated to identify it).

If you open the Word document, your Windows computer will end up infected and compromised by the malware. And no, you're not even going to have a 16GB iPhone delivered for all your trouble.

So, don't see red when an email claims that your credit card has been charged for an item you never purchased. (Who would want a 16GB iPhone in this day and age anyway? Is that really enough space for all of your music, movies, apps and podcasts?)

Instead, look for clues that the email may not be legitimate. Unexpected attachments are one clue that mischief may be afoot, but also look for information (such as your snail mail address or full name) that would normally be included in the company's emails.

Furthermore, be wary of clicking on links in unsolicited emails - as they might take you to a phishing page, or a website harboring malware, rather than the real website. If in doubt, visit the website directly and log into your account to see if there are any unexpected orders or messages waiting for you.

In this particular case, the bogus email does link to the real Amazon website. The danger lies in clicking on the attached .DOC file. So don't be fooled into thinking that, just because there are legitimate links in an email, the rest of the message can necessarily be trusted.
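
The clues described above can also be checked automatically at a mail gateway or during triage. The following is an added example, not part of the original post: the sample message (including its sender address and link), the `triage` function name and the extension list are constructed for illustration.

```python
import email
import re
from email import policy
from urllib.parse import urlparse

# Constructed sample modelled on the email described above (not the real sample).
SAMPLE = b"""\
From: "Amazon.com" <auto-confirm@amazon.com>
To: reader@example.org
Subject: Your Amazon.com order confirmation for reader@example.org
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Hello,
Thank you for shopping with us. You ordered "Apple I phone 6".
Details: https://www.amazon.com/
Please find attached the billing confirmation receipt.
--b1
Content-Type: application/msword
Content-Disposition: attachment; filename="amazon_invoice_991773782.doc"
Content-Transfer-Encoding: base64

RG9jdW1lbnQgcGxhY2Vob2xkZXI=
--b1--
"""

# Assumed list of Office-style extensions worth flagging on an "order" email.
OFFICE_EXT = (".doc", ".docm", ".docx", ".xls", ".xlsm", ".rtf")

def triage(raw: bytes) -> dict:
    # Parse the raw message and collect the indicators the article names.
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = msg["Subject"] or ""
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    hosts = {urlparse(u).hostname or "" for u in re.findall(r"https?://[^\s\"'<>]+", text)}
    docs = [p.get_filename() for p in msg.iter_attachments()
            if (p.get_filename() or "").lower().endswith(OFFICE_EXT)]
    order_lure = bool(re.search(r"order confirmation", subject, re.I))
    return {
        "order_lure": order_lure,
        "office_attachments": docs,
        "link_hosts": sorted(hosts),
        # Legitimate links do not clear the message: the attachment is the risk.
        "quarantine": order_lure and bool(docs),
    }
```

Note that the verdict ignores `link_hosts` on purpose: in this campaign the links point at the real Amazon site, so link reputation alone would have let the message through.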
