Amazon shoppers are receiving fake order confirmations that look legitimate. Don’t click anything in your inbox from Amazon until you’ve read this!

And you better watch out, this particular one is extra naughty – it will install banking malware on your computer! Read on and we’ll show you what to look for.

This Amazon scam is a banking Trojan

A new malware campaign was recently discovered by email security firm EdgeWave. This time, attackers are sending out poisoned messages that look like legitimate Amazon order confirmation emails.

According to Bleeping Computer, these malicious emails have subject lines such as “Your order,” “Amazon order details” and “Your order 162-2672000-0034071 has shipped.”

If you’re curious enough to open this malicious email, it will display an order confirmation stating that one of your items from Amazon has shipped. However, if you look closely, the email doesn’t provide any additional details like the item ordered or tracking information.

What the crooks are counting on is that you’ll click the strategically-placed “Order Details” button to find out more about this particular order.

And you probably know what comes next, right? Clicking on the button will download a malicious Word document named order_details.doc.

If you attempt to open this document, it will prompt you to click the “Enable Content” button.

Don’t click this button! Why? Clicking it will trigger nasty macros on the document that will download and install the banking Trojan known as Emotet on your computer.

Once installed, the banking Trojan will silently run in the background, logging all your keystrokes and stealing your credentials and personal information along the way.

This malware campaign is spreading fast. So far, this attack was found to be using servers located in Columbia, Indonesia, and the U.S.

Protect yourself

Don’t let grinches like these ruin your holidays. Here are safety precautions we recommend during this holiday shopping rush.

  • Be vigilant – It’s important to be cautious about attachments or links you receive, even the ones that seem to be from a source that looks familiar (like Amazon, Apple, Microsoft. etc.)
  • Be aware -While the holiday phishing season is at its peak, don’t click on any links that claim to be from Amazon or any other retailer. Always check the shopping site’s official app or website to check your legitimate order details.
  • Be cautious – Additionally, Excel, Word, and PDF files can contain macro viruses. For your gadget to be infected, you need to download and open the malicious file. You should never download an attachment unless you are absolutely sure where it’s coming from.