Fraudulent emails have been sent out claiming to be from Amazon, potentially affecting thousands of people across the world.
The messages claim to come from a manager at Amazon, thanking the recipient for shopping with the company and telling them they have ordered a Sony Bravia, Sophos found.
Attached to the emails is a file named AMAZON_LABEL_07_07-2010.zip, which is malicious and, if clicked, could leave the user's computer and social networking accounts open to an attack, explained Graham Cluley, senior technology consultant at Sophos.
"If you're befuddled by the email in your inbox out of the blue then the most natural thing in the world might be to open the attachment in an attempt to determine what's going on - especially if you're worried your credit card may have been erroneously charged for some expensive TV hardware," Cluley said in a blog post.
He noted hackers had previously sent out emails, claiming to be shipment updates from Amazon. On one occasion, the fake message said it was for a Sony VAIO laptop order.
This shows just how repetitive the malware world is, Cluley added.
Last month, research from life assistance organisation CPP showed over 420,000 scam emails are sent every hour in the UK.
-
Cleo attack victim list grows as Hertz confirms customer data stolenNews Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
-
Lateral moves in tech: Why leaders should support employee mobilityIn-depth Encouraging staff to switch roles can have long-term benefits for skills in the tech sector
-
Hackers are turning Amazon S3 bucket encryption against customers in new ransomware campaign – and they’ve already claimed two victimsNews Attackers are using AWS’ server-side encryption to conduct ransomware attacks
-
Amazon confirms employee data compromised amid 2023 MOVEit breach claims – but the hacker behind the leak says a host of other big tech names are also implicatedNews Millions of records stolen during the 2023 MOVEit data breach have been leaked
-
96% of SMBs are missing critical cybersecurity skills – here's whyNews The skills shortage hits SMBs worse as they often suffer from a lack of budget and resources
-
Sophos Firewall Virtual review: Affordable network protection for those that like it virtualizedReviews Extreme network security that's cheaper than a hardware appliance and just as easy to deploy
-
MSPs are struggling with cyber security skills shortagesNews A shortage of tools and difficulties keeping pace with solutions were also ranked as key issues for MSPs
-
Nearly 70 software vendors sign up to CISA’s cyber resilience programNews Major software manufacturers pledge to a voluntary framework aimed at boosting cyber resilience of customers across the US
-
Sophos and Tenable team up to launch new managed risk serviceNews The new fully managed service aims to help organizations manage and protect external attack surfaces
-
Ransomware groups are using media coverage to coerce victims into payingNews Threat actors are starting to see the benefits of a more sophisticated media strategy for extracting ransoms
