The emails masquerade as dispatch notifications but request additional information in an attached Word document. When unsuspecting shoppers open the attachment, it activates a Trojan that downloads malware targeting personal information, including banking data and log-in information.
As I blogged last week, Christmas is the busiest time of the year for cyber criminals: indeed, they tried the same approach with Amazon.com’s US customers last Christmas, as reported at the time by Malwarebytes.
Troy Gill of AppRiver, which identified the malicious emails, advises caution: “If you are suspicious of unauthorized activity on your Amazon account, never follow the link in an email such as this, go directly to the website and check your account from there.”
More than one in five Brits did their Christmas shopping online last year, and the seasonal rise in online shopping this November and December will increase the likelihood of people falling for this attack. If you’re buying anything from Amazon this year, be especially careful with any dispatch emails you receive, and don’t open any attachments.
If you’re concerned about your employees’ susceptibility to a phishing attack, you might be interested in IT Governance’s Employee Phishing Vulnerability Assessment. It will identify potential vulnerabilities amongst your employees and provide recommendations to improve your security, giving you a broad understanding of where you are at risk and what you need to do to address those risks.