We have made updates to our Privacy Policy to reflect the implementation of the General Data Protection Regulation.

Fake Amazon UK Order Confirmation E-mails Deliver Malware

Download our in-depth report: The Ultimate Guide to IT Security Vendors

Sophos researchers are warning of a widespread attack that leverages fake Amazon.co.uk e-mails to trick users into opening malicious attachments.

The e-mails, which are convincingly disguised as order confirmations, use the subject line "Your Order with Amazon.co.uk."

All links in the e-mail go to the legitimate Amazon UK Web site, but an attachment named "Your Order Details with Amazon.zip" contains a Trojan identified as Mal/BredoZp-B.

"It's understandable that some computer users would be fooled into opening the attachment, as they might be wondering what on earth they have ordered from Amazon. ... Although there has been increased talk recently of drive-by-downloads and compromised websites being used to deliver malware onto the computers of unsuspecting computer users, it's worth remembering that email-based malware is far from dead," writes Sophos' Graham Cluley.

Submit a Comment

Loading Comments...