Fraudulent emails have been sent out claiming to be from Amazon, potentially affecting thousands of people across the world.
The messages claim to come from a manager at Amazon, thanking the recipient for shopping with the company and telling them they have ordered a Sony Bravia, Sophos found.
Attached to the emails is a file named AMAZON_LABEL_07_07-2010.zip, which is malicious and, if clicked, could leave the user's computer and social networking accounts open to an attack, explained Graham Cluley, senior technology consultant at Sophos.
"If you're befuddled by the email in your inbox out of the blue then the most natural thing in the world might be to open the attachment in an attempt to determine what's going on - especially if you're worried your credit card may have been erroneously charged for some expensive TV hardware," Cluley said in a blog post.
He noted hackers had previously sent out emails, claiming to be shipment updates from Amazon. On one occasion, the fake message said it was for a Sony VAIO laptop order.
This shows just how repetitive the malware world is, Cluley added.
Last month, research from life assistance organisation CPP showed over 420,000 scam emails are sent every hour in the UK.
-
AWS chaos and supercomputers surgingITPro Podcast As the dust settled on the AWS outage, the US Department of Energy announced a slew of new supercomputers for national security
-
CISA just published crucial new guidance on keeping Microsoft Exchange servers secureNews With a spate of attacks against Microsoft Exchange in recent years, CISA and the NSA have published crucial new guidance for organizations to shore up defenses.
-
Ransomware victims are getting better at haggling with hackersNews While nearly half of companies paid a ransom to get their data back last year, victims are taking an increasingly hard line with hackers to strike fair deals.
-
Hackers are turning Amazon S3 bucket encryption against customers in new ransomware campaign – and they’ve already claimed two victimsNews Attackers are using AWS’ server-side encryption to conduct ransomware attacks
-
Amazon confirms employee data compromised amid 2023 MOVEit breach claims – but the hacker behind the leak says a host of other big tech names are also implicatedNews Millions of records stolen during the 2023 MOVEit data breach have been leaked
-
96% of SMBs are missing critical cybersecurity skills – here's whyNews The skills shortage hits SMBs worse as they often suffer from a lack of budget and resources
-
Sophos Firewall Virtual review: Affordable network protection for those that like it virtualizedReviews Extreme network security that's cheaper than a hardware appliance and just as easy to deploy
-
MSPs are struggling with cyber security skills shortagesNews A shortage of tools and difficulties keeping pace with solutions were also ranked as key issues for MSPs
-
Nearly 70 software vendors sign up to CISA’s cyber resilience programNews Major software manufacturers pledge to a voluntary framework aimed at boosting cyber resilience of customers across the US
-
Sophos and Tenable team up to launch new managed risk serviceNews The new fully managed service aims to help organizations manage and protect external attack surfaces
