After you are done shopping on any e-commerce website, receiving a confirmation email about your purchase is an expected thing. But, if you are receiving any such confirmation emails whose sender seems to be a popular online shopping portal and are mostly blank but contain attachment(s), then be cautious.
Many users have reported about receiving ‘Amazon order dispatched‘ emails, containing only attachments, and with the subject line “Your Amazon.com/.uk order has been dispatched (#67587534xxxx)”. In most cases, curiosity gets the better of the receiver and they end up downloading the attachment.
These emails are fake and are not really sent by any of Amazon’s representatives. The perpetrators are simply using Amazon’s name to trick their targets.
The attachments that these emails carry are designed to install malware on the receiver’s computer. As observed, some of these attachments are compressed .zip files, while some are .docm (Word Open XML Macro-Enabled Document file).
Downloading these attachments are suspected to install the latest ransomware (Locky) on the victim’s computer. Once in, the malware encrypts all the files it can find and demands a ransom to decrypt them. Know more about Locky ransomware from this post.
In other cases, downloading the attachments can drop a spyware which can steal vital information like login ID and passwords of banking and other online accounts.
Stay safe with these simple measures
• Do not trust emails which you were not expecting, even if they seem to be from someone you know.
• Never download attachments or click on links that come with unexpected, unsolicited or suspicious emails.
• Emails about order confirmation usually have the details printed in the body of the email and not as attachments.
• If you were expecting an email that asks you to download an attachment or click on a link, it is safe to confirm the message with the sender first.