Emmanuel Marshall 07 December 2017 15:00:00 AEDT 1 MIN READ

Amazon Hype Exploited by Cybercriminals in New Email Scam


This morning the MailGuard system detected a new scam using fake payment receipts. These criminal-intent emails link to fake ‘receipt’ files which actually contain malicious JavaScript code (see screenshot above).

Today’s spin on this familiar scam formula was the exploitation of Amazon’s name to deceive victims.

Amazon is in the process of launching a host of new services in Australia, so this fraudulent email leveraging their brand-name is clearly trying to capitalise on the current buzz around the company.

These emails are trying to entice victims to click on the ‘order confirmation receipt’ link. The link actually opens a zipped JavaScript file; see screenshot below:

amazon3.png

JavaScript files are not used for simple documents like receipts, so they are a red flag for scam detection.
JavaScript is typically used by scammers to infect computers with viruses or install spyware.

If you’re caught up in the Amazon excitement, don’t get caught out by this scam. 

 

Don't Get Caught Out 


For comprehensive inbox security, protect your business with MailGuard's cloud-based email and web filtering systems.
Talk to an expert at MailGuard today about making your network secure: click here.

 

Stay up-to-date with new posts on the MailGuard Blog by subscribing to free updates. Click on the button below:

Keep Informed with Weekly Updates