Amazon customers are the target of a wide-ranging phishing email scam intended to fool recipients into opening up a malicious attachment that results in the downloading of Locky ransomware.
Comodo Threat Research Labs detected the attack earlier this week, according to an article in Comodo's new Defend magazine. The seemingly benign email arrives with the sender email address [email protected], and the subject line: “Your Amazon.com order has dispatched,” along with an order code. The body is empty, but it's the attachment users have to look out for.
The attachment is a Word document containing malicious macro codes, which if enabled execute downloading of the Locky payload. Recipients are prompted upon opening the document to change Microsoft's settings to enable these macros – a tactic that has had a recent resurgence in popularity among cybercriminals.