The other day , before Christmas, I joined a long queue at Chester Post Office to collect some undelivered mail and watched countless people leaving with Amazon parcels. For a few weeks now I regularly received through my email address what purported to be an email from Amazon about a recently placed order. Typically the email read as follows:-
Thanks for your order. We'll let you know once your item(s) have dispatched. You can view the status of your order or make changes to it by visiting Your Orders on Amazon.com.
Order FB6361337 Placed on December 10, 2013
Order details and invoice in attached file.
Need to make changes to your order? Visit our Help page for more information and video guides.
We hope to see you again soon. Amazon.com
(Ed. This email also included an attached file named "Order details.zip")
This in fact is a fraudulent email which has been hitting inboxes around the world that masquerades as an order notification message from Amazon.com. The message thanks recipients for placing an order with Amazon and informs them that they can view order details by opening an attached file.
But, alas, Amazon did not send the email and the attached .zip file does not contain order details as claimed. If opened, the .zip file reveals a .exe file. And, if users run this .exe file, a trojan virus may be installed on their computers
Typically, such trojans can harvest personal and financial information such as account login data from the compromised computer and send it to criminals waiting online. It may also allow the criminals to take control of the infected computer.
The criminals hope that at least a few recipients, who have not made any recent Amazon orders, will be panicked into opening the attachment in the mistaken belief that a purchase has been made in their names.
And, of course, users who have recently bought items on Amazon might be tricked into opening the attachment in the belief that the file it contains pertains to their order.
Amazon's name has been used repeatedly in similar malware attacks in recent years.
Be very wary of any unsolicited email that claims that you should open an attached file or click a link to review details of a purchase order. This is a common ruse for both phishing and malware campaigns