Comodo Threat Research Labs detected the attack earlier this week, according to an article in Comodo’s new Defend magazine. The seemingly benign email arrives with the sender email address firstname.lastname@example.org, and the subject line: “Your Amazon.com order has dispatched,” along with an order code. The body is empty, but it’s the attachment users have to look out for.
The attachment is a Word document containing malicious macros which, if enabled, download the Locky payload. On opening the document, recipients are prompted to change Microsoft’s settings to enable these macros – a tactic that has had a recent resurgence in popularity among cybercriminals.