Fake Amazon UK Order Confirmation E-mails Deliver Malware
The well-designed e-mails link to the legitimate Amazon site, but contain a malicious attachment named 'Your Order Details with Amazon.zip.'
Sophos researchers are warning of a widespread attack that leverages fake Amazon.co.uk e-mails to trick users into opening malicious attachments.
The e-mails, which are convincingly disguised as order confirmations, use the subject line "Your Order with Amazon.co.uk."
"It's understandable that some computer users would be fooled into opening the attachment, as they might be wondering what on earth they have ordered from Amazon. ... Although there has been increased talk recently of drive-by-downloads and compromised websites being used to deliver malware onto the computers of unsuspecting computer users, it's worth remembering that email-based malware is far from dead," writes Sophos' Graham Cluley.