Widespread fake Amazon orders lead to PDF malware

Well-crafted emails mimicking Amazon order confirmations have been detected in large quantities in the past week. The Amazon logo and “your account” button actually load their image files from the Amazon website. The email includes twelve links designed to motivate recipients to click:

  • More information about an Amazon Visa card
  • The ordered items are not shown but are linked
  • The identity of “ordered by:” requires a click
  • Perhaps intentionally, the order amounts do not add up, leading a recipient to seek clarification by clicking on the order number
  • The header and footer of the message include “your account”, “Help department”, and “amazon.com” links

The links all lead to short-lived websites hosting malicious PDF files. The PDF file is executed within an iframe and is therefore launched without user approval. This final aspect highlights the importance of having a Web security solution to protect users.
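The pattern described above, images loaded from the real Amazon site while every link points somewhere else, can be checked at a mail gateway. The following is an added example, not part of the original post: the function names, the sample bodies and the `.example` hostnames are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

BRAND_DOMAIN = "amazon.com"  # brand the message claims to come from

def host_in_domain(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

class LinkImageCollector(HTMLParser):
    """Collects the hostnames used by <img src> and <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.image_hosts, self.link_hosts = [], []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "img" and attrs.get("src"):
            self.image_hosts.append(urlparse(attrs["src"]).hostname)
        elif tag == "a" and attrs.get("href"):
            self.link_hosts.append(urlparse(attrs["href"]).hostname)

def brand_mismatch(html_body, brand=BRAND_DOMAIN):
    """Return off-brand link hosts when images come from the brand's own site."""
    c = LinkImageCollector()
    c.feed(html_body)
    brand_images = any(host_in_domain(h, brand) for h in c.image_hosts)
    off_brand = sorted({h for h in c.link_hosts if h and not host_in_domain(h, brand)})
    return off_brand if brand_images else []

# Constructed sample bodies; paths and .example hostnames are placeholders.
SAMPLE = """
<img src="https://www.amazon.com/constructed/logo.gif">
<a href="http://orders.shortlived.example/view?id=1">Order #000-0000000</a>
<a href="http://orders.shortlived.example/account">Your Account</a>
<a href="http://other.example/help">Help</a>
"""
LEGIT = """
<img src="https://www.amazon.com/constructed/logo.gif">
<a href="https://www.amazon.com/constructed/your-account">Your Account</a>
"""
if __name__ == "__main__":
    print(brand_mismatch(SAMPLE))
    print(brand_mismatch(LEGIT))
```

A non-empty result is a signal for quarantine or link rewriting rather than a verdict, since legitimate mail can also link to third-party hosts.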
