You better watch out! These fake Amazon order email confirmations are banking Trojans in disguise

December 21, 2018

This year’s holiday shopping season is set to be the biggest ever, and as usual, scammers are hitting shoppers right where it hurts.

Now, Amazon shoppers are receiving fake order confirmations that look legitimate. Don’t click anything in your inbox from Amazon until you’ve read this!

And you better watch out, this particular one is extra naughty – it will install banking malware on your computer!  Read on and we’ll show you what to look for.

This Amazon scam is a banking Trojan

A new malware campaign was recently discovered by email security firm EdgeWave. This time, attackers are sending out poisoned messages that look like legitimate Amazon order confirmation emails.

According to Bleeping Computer, these malicious emails have subject lines such as “Your Amazon.com order,” “Amazon order details” and “Your order 162-2672000-0034071 has shipped.”

If you’re curious enough to open this malicious email, it will display an order confirmation stating that one of your items from Amazon has shipped. However, if you look closely, the email doesn’t provide any additional details like the item ordered or tracking information.

What the crooks are counting on is that you’ll click the strategically-placed “Order Details” button to find out more about this particular order.

And you probably know what comes next, right? Clicking on the button will download a malicious Word document named order_details.doc.

If you attempt to open this document, it will prompt you to click the “Enable Content” button.

Don’t click this button! Why? Clicking it will trigger nasty macros on the document that will download and install the banking Trojan known as Emotet on your computer.

Note: Word and Excel both have a system that lets users create “macros.” These are little programs that make it easier to do complex or repetitive tasks. However, macros also let hackers create viruses that run when you open a poisoned Word or Excel file. Never run macros from an unknown source.

Once installed, the banking Trojan will silently run in the background, logging all your keystrokes and stealing your credentials and personal information along the way.

This malware campaign is spreading fast. So far, this attack was found to be using servers located in Columbia, Indonesia, and the U.S.

How to protect yourself

Don’t let grinches like these ruin your holidays. Here are safety precautions we recommend during this holiday shopping rush.

Be vigilant – It’s important to be cautious about attachments or links you receive, even the ones that seem to be from a source that looks familiar (like Amazon, Apple, Microsoft. etc.)

Be aware -While the holiday phishing season is at its peak, don’t click on any links that claim to be from Amazon or any other retailer. Always check the shopping site’s official app or website to check your legitimate order details.

Be cautious – Additionally, Excel, Word, and PDF files can contain macro viruses. For your gadget to be infected, you need to download and open the malicious file. You should never download an attachment unless you are absolutely sure where it’s coming from.

How to make sure your Office macros are off

The latest versions of Excel and Word have macros turned off by default, specifically to avoid viruses. If you open a file that includes macros, Excel or Word will ask if you want to turn macros on. Always click “No.”

If you want to verify that they are off for your copy of Word and Excel, click the Office button in the upper-left corner of the program and select “Word Options” or “Excel Options.”

Select “Trust Center” in the left column and on the right click the “Trust Center Settings” button. Then select the “Macro Settings” area and make sure it’s set to “Disable all macros with notification.” If a file requires macros, you’ll get a notice, but macros won’t run automatically.

Tags: Amazon, Apple, computer, devices, hackers, malware, phishing, security, settings