The e-mails, which appear to be sent from an @tiffany.com e-mail address, state, "Kindly open to see export License and payment invoice attached, meanwhile we sent the balance payment yesterday. Please confirm if it has settled in your account or you can call if there is any problem. Thanks, Karen parker"
The attachment, named invoice copy.zip, delivers Windows malware idenfied by Sophos as Mal/BredoZp-B.
"Little blue boxes from Tiffany & Co. are the stuff of dreams for many," writes Sophos' Graham Cluley. "Don't let an unexpected e-mail delivery -- apparently from the company -- make you so giddy with an excitement that you end up with a computer nightmare."