Recently I have been receiving regular emails purporting to have come from Amazon – which like most people I use a fair bit nowadays.
I use a website based in Australia called hoax-slayerto check up on dodgy looking emails to see if they contain a real threat to my computer or are just hoaxes. Glad I did because this is a nasty threat.
The hoax-slayer site says
" A fraudulent email currently hitting inboxes around the world masquerades as an order notification message from Amazon.com. The message thanks recipients for placing an order with Amazon and informs them that they can view order details by opening an attached file.
But, alas, Amazon did not send the email and the attached .zip file does not contain order details as claimed. If opened, the .zip file reveals a .exe file. And, if users run this .exe file, a trojan may be installed on their computers.
Typically, such trojans can harvest personal and financial information such as account login data from the compromised computer and send it to criminals waiting online. It may also allow the criminals to take control of the infected computer.
The criminals hope that at least a few recipients, who have not made any recent Amazon orders, will be panicked into opening the attachment in the mistaken belief that a purchase has been made in their names.
And, of course, users who have recently bought items on Amazon might be tricked into opening the attachment in the belief that the file it contains pertains to their order.
Amazon's name has been used repeatedly in similar malware attacks in recent years.
Be very wary of any unsolicited email that claims that you should open an attached file or click a link to review details of a purchase order. This is a common ruse for both phishing and malware campaigns