Amazon Order Confirmation Phishing Scam

Anyone who has relied on the e-commerce giant Amazon to order holiday gifts should exercise caution when receiving order confirmation emails, as EdgeWave reportedly discovered a new and highly sophisticated malspam campaign sending fake Amazon order confirmation messages.

The messages are reportedly quite convincing, and include subject lines that read “Your order,” “Amazon order details” and “Your order 162-2672000-0034071 has shipped.”

According to BleepingComputer, “When you open these emails, you will be shown an order confirmation that states your item has shipped, but without any details regarding what was ordered or tracking information. It then tells the recipient to click on the Order Details button in order to see more information.”

Credit: Bleeping Computer

Unsuspecting users who click on the link thinking they are downloading a Word document named order_details.doc are then instructed to “Enable Content” so that the order may be properly viewed. However, these unwitting users are actually enabling content that triggers the macros to execute a PowerShell command, which reportedly downloads and executes the Emotet banking Trojan.
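The chain described above, a Word document whose macro launches PowerShell, is visible in endpoint process-creation logs as an Office application spawning a script host. The following Python is an added example for defenders, not code from EdgeWave or BleepingComputer; the event field names, host names and sample events are constructed assumptions.

```python
import re

# Field names loosely follow Sysmon process-creation events; they and all sample events are assumptions.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_CHILDREN = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe"}
DOWNLOAD_HINTS = re.compile(
    r"downloadfile|downloadstring|invoke-webrequest|net\.webclient|https?://", re.I)

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def has_encoded_flag(cmdline):
    # PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -enc, ...).
    return any(len(t) >= 2 and "-encodedcommand".startswith(t.lower()) for t in cmdline.split())

def score_event(ev):
    """Return the list of reasons an event looks like a macro-launched script host."""
    parent, child = basename(ev["parent_image"]), basename(ev["image"])
    if parent not in OFFICE_PARENTS or child not in SCRIPT_CHILDREN:
        return []
    reasons = [f"{parent} spawned {child}"]
    cmd = ev.get("command_line", "")
    if DOWNLOAD_HINTS.search(cmd):
        reasons.append("command line references remote content")
    if has_encoded_flag(cmd):
        reasons.append("encoded command argument")
    return reasons

def triage(events):
    """Return (host, reasons) for suspicious events, most reasons first."""
    hits = [(ev["host"], score_event(ev)) for ev in events]
    return sorted((h for h in hits if h[1]), key=lambda h: -len(h[1]))

SAMPLE_EVENTS = [  # constructed
    {"host": "pc-01", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "command_line": r'WINWORD.EXE "C:\Users\a\Downloads\order_details.doc"'},
    {"host": "pc-01", "parent_image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -e <BASE64-PLACEHOLDER>"},
    {"host": "pc-02", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe Invoke-WebRequest https://example.invalid/tool.zip"},
    {"host": "pc-03", "parent_image": r"C:\Office\WINWORD.EXE",
     "image": r"C:\Windows\System32\cmd.exe", "command_line": "cmd.exe /c dir"},
]

if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
```

Opening the document from Explorer and an administrator running PowerShell directly are not flagged; only the Office-to-script-host edge is, with extra weight for download or encoded-command traits.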

EdgeWave told BleepingComputer that while researchers were testing the malicious document, Emotet was downloaded as keyandsymbol.exe even though the name of the Trojan was mergedboost.exe.

“Interestingly, these other servers are in Houston and Lansing. Playing Dora the Explorer for a moment, we’ve encountered a compromised email server in Columbia sending phishing email with a link to a server in Indonesia that downloads malware which then contacts compromised servers in the United States,” EdgeWave reportedly said.
