Emails, purporting to be from Amazon.com, supposedly provide shipping and order details about recent purchases and urge recipients to follow links to track the package or manage orders.
The emails are not from Amazon.com. Links in the email open websites that harbour malware that can exploit security flaws on unpatched Windows computers.
Subject: Your Amazon.com order of “Sprint HTC Evo 4g Android Cell Phone” has shipped!
Order # 422-7649490-9680520
Your estimated delivery date is:
Tuesday, December 30, 2011
Track your package Thank you for shopping with us. We thought you’d like to know that we shipped this portion of your order separately to give you quicker service. You won’t be charged any extra shipping fees, and the remainder of your order will follow as soon as those items become available. If you need to return an item from this shipment or manage other orders, please visit Your Orders on Amazon.com.
Sprint HTC Evo 4g Android Cell Phone $189.95
Item Subtotal: $189.95
Shipping & Handling: $0.00
Total Before Tax: $189.95
Shipment Total: $189.95
Paid by Visa: $189.95
You have only been charged for the items sent in this shipment. Per our policy, you only pay for items when we ship them to you.
Returns are easy. Visit our .
If you need further assistance with your order, please visit Customer Service.
We hope to see you again soon!
A series of fake ‘Shipping Confirmation” emails purporting to be from Amazon.com have been hitting inboxes around the world. The messages supposedly provide recipients with shipping and order information about a recent purchase of expensive items such as mobile phones or computer equipment.
The emails invite recipients to click links, ostensibly to track their package, manage orders or arrange for the return of the shipped item.
However, the messages are certainly not from Amazon and they do not contain information about any genuine purchase. In fact, the emails are designed to panic users into clicking links in the mistaken belief that their Amazon account or credit card has been compromised.
Those who fall for the ruse and click one of the links will be taken not to Amazon.com as they expect, but rather to a website that harbours a BlackHole Exploit Kit. This criminal toolkit is used to infect the hapless visitor’s computer with malware by exploiting security flaws present on the targeted PC.
This particular attack attempts to infect the visitor’s computer with a version of the Cridex malware that can steal personal and financial information from the infected computer, connect to a remote server and download further malware components.
Subject lines and other details, including the item supposedly purchased, vary in different incarnations of the malware message. Be cautious of any unsolicited email claiming to be a shipping notification from Amazon. If you receive such an email do not follow any links that it may contain.
Similar ruses are often used by phishing scammers to trick Amazon users into divulging their login details and financial information.