One of our colleagues received spam emails today claiming to be from Amazon . These emails were sent from spoofed addresses and used high priority flags along with a variety of subjects including the following:
- Re: Order Shipped Today
- Your Order Processed Today
- Re: Item Waiting on delivery Now
- Re: Order Shipped Few hours ago
In this version they are no longer using a “Loading..” or “Please wait…” screen like in the previous one, but a more authentic looking page like this one:
This page is malicious and tries to infect the user’s machine with malware. Emsisoft detects this threat as a variant of Trojan.Win32.Cridex.
If you receive a suspicious email similar to the ones mentioned above, place your mouse pointer over the attached link in the email to view the real address of the sender. If Amazon does send you an email, then it actually comes from @amazon.com and not a foreign address.
Aside from Amazon, we also received some other spam emails but noticed there was something wrong with these phishing attempts. Please take a closer look at the picture below. Amusingly, this sloppy attempt at social engineering is a failure. The “From” address states that the mail was from LinkedIn, but within the body of the message you can see it claims to be from Facebook.