New Locky ransomware campaign sets sights on Amazon customers
A new email phishing campaign discovered by Comodo Group is designed to tricky Amazon customers into downloading Locky ransomware.
Comodo Threat Research Labs detected the attack earlier this week, according to an article in Comodo's new Defend magazine. The seemingly benign email arrives with the sender email address email@example.com, and the subject line: “Your Amazon.com order has dispatched,” along with an order code. The body is empty, but it's the attachment users have to look out for.
The attachment is a Word document containing malicious macro codes, which if enabled execute downloading of the Locky payload. Recipients are prompted upon opening the document to change Microsoft's settings to enable these macros – a tactic that has had a recent resurgence in popularity among cybercriminals.