Malicious emails have been sent out disguised as originating from Amazon’s UK branch. The widespread email contains malware, so beware!

In a widespread attack, emails have been sent out by online criminals mimicking a legitimate Amazon UK email. The mail speaks about an unknown item which has been ordered. The sender’s address seems legitimate and the title of the email is “Your Order with Amazon.co.uk”. The links in the email are legitimate as well, but if the user tries to investigate which item they’ve supposedly ordered via the attached file “Your Order Details with Amazon.zip”, they’ll get infected.

This is how the email looks – watch out for it!

 

One would hope that most users are smart enough not to open a zip file in a mysterious email, but one could be forgiven for being confused by the apparent origin of it. Needless to say Amazon indeed has nothing to do with the malicious email.

 

Users protected by Sophos security products will find that the attachment is detected as Mal/BredoZp-B, a virus which is capable of stealing personal information including credit card or bank login details, as well as user profiles, software keys and passwords. Clearly, you should always keep your security systems up to date, and as always, be vigilant when it comes to strange emails.