Your order on Amazon.com – Malware Email Scam

A new email scam is now going around posing as an Amazon.com order. The scam email claims that the person has purchased Asus laptop for $1099, plus shipping. Unlike a standard order summary email that Amazon sends you this email says to “Read at PDF Invoice File enclosed”. This should be the first red flag as to a scam since Amazon orders are never sent in PDF format. Below is a screenshot of the bogus email.

 

amazon scam

 

Here is the message in its entirety.

Order Confirmation
 Order #114-4788259-2304224

 Hi %USERNAME%,

 Thanks for shopping with our store. Weíll send a confirmation when your items have shipped. Your order details are attached. If you want to 
 cancel the status of your order or make any changes to it, please download and open data enclosed.

 Your estimated delivery date is:
 Thursday, November 8, 2014

 Your shipping plan:
 AmazonGlobal Expedited Shipping
 Your Orders 	

 Your order will be sent to:
 Read at PDF Invoice File enclosed
 Order Details
 Order #114-4788259-2304224
 Placed on Saturday, October 5, 2014
	
	ASUS N550JK-DS71T 15.6" Full-HD Touchscreen Quad Core i7 Laptop w/ Aluminum-Body, 8GB RAM & 1TB HD
	Intel Core i7-4700HQ 2.4GHz (Turbo 3.4 GHz).
	1TB Hard Drive. 8GB RAM. NVIDIA GTX850M 2GB-VRAM.
	15.6-Inch Full-HD IPS Touchscreen Display. 720P HD Webcam.
	3x USB 3.0, 1x HDMI, 1x MiniDisplay. SDXC Card Reader. 802.11 A/C, Gigabit ethernet port.
	Aluminum body construction. Includes external plug-in mini-Subwoofer.

	[Facebook] 	[Twitter] 	[Pinterest]
	$1,099.00
	Item Subtotal: 	$1,071.07
	Shipping & Handling: 	$31.97

	Total Before Tax: 	$1,103.04

	Order Total: 	$1,103.04

 To learn more about ordering, go to Ordering from Amazon.com.
 If you want more information or need more assistance, go to Help.

 Thank you for shopping with us.
 Amazon.com

 

 

What happens when you click the link do you ask? We tried it on a Windows 7 machine running Internet Explorer 8 and luckily Internet Explorer warned you that this file is unsafe. If the person chooses to continue the download a file will be downloaded called _invoice1104.pdf.scr. If the file is attempted to be opened once it is downloaded the file attacks the system posing as a screen saver file.

 

If your system becomes infected with this file here is what will happen. This is another trojan dropper that will download more malware once the victim’s computer is infected. Currently the malware is logging keystrokes, but the malware distributors could also download and install remote files, should they wish.

 

At the time of this writing we scanned this file on the virustotal.com website and this new infection is currently only detected by 31 of  the54 major antivirus companies. Currently two of the three major AV companies Trend Micro and McAfee have detection definitions for this file, Norton on the other hand does not but we believe that they will have  a detection definition out soon.

 

If you have not been a victim of this latest scam consider yourself lucky. At the time of this writing welivesecurity.com has reported over 160,000 people have fallen victim to this scam email. Here are some tips to protect yourself from this scam as well as any other potential scam emails:

 

1. Make sure you have an antivirus on your computer and it is up-to-date. We always recommend a purchased antivirus to protect yourself due to the additional layers of protection that come with them to help protect yourself from clicking something you wish you didn’t. If you can not afford a purchased version there are free antivirus software out there like AVG which can be found at AVG.com. The free version does not come with the extra layers of security as the paid version but it is much safer to run this than nothing at all.

2. If you receive an email from a website claiming that you have purchased something which you think is false go to the website directly, DO NOT click any links in the email. In the case of the Amazon.com email go to your address bar and type amazon.com and login to your account, if you do not have an Amazon account contact Amazon directly and find out what is going on.

3. Monitor your credit cards. If you receive an email claiming to purchase something contact your credit card companies to ensure that your credit cards were not compromised if you still fear that hackers may have your personal information.

If you have any questions or comments about this latest online threat please feel free to post below.

Leave a Comment