The old Amazon “shipping confirmation” scam is once again making the rounds, attempting to convince unsuspecting users to click on links that lead to compromised websites hosting all sorts of malicious scripts.
Entitled “Your Amazon.com order of ‘Casio Men's EEDN7D-1 G-Shock Solar Atomic Digital Sports Watch’ has shipped!” the emails are designed to ultimately push pieces of malware onto the computers of unsuspecting internauts, Solutionary’s Security Engineering Research Team reports.
Here’s what part of the email looks like:
Order # 889-2623316-0593748
Your estimated delivery date is:
Friday, July 13 2012
Track your package
Thank you for shopping with us. We thought you'd like to know that we shipped this portion of your order separately to give you quicker service. You won't be charged any extra shipping fees, and the remainder of your order will follow as soon as those items become available.
If you need to return an item from this shipment or manage other orders, please visit Your Orders on Amazon.com.
You have only been charged for the items sent in this shipment. Per our policy, you only pay for items when we ship them to you.
Returns are easy. Visit our .
If you need further assistance with your order, please visit Customer Service.
We hope to see you again soon!
While at first glance the email may look legitimate, it’s actually filled with clues that reveal its true purpose.
For instance, all the links point to a compromised domain, instead of Amazon.com.
Furthermore, the format doesn’t match the legitimate one, all paths are hidden behind simple text links, and the Casio watch doesn’t even exist on the website.
Also, there’s the fact that Amazon never says “hello” without mentioning the recipient’s name.
Since this particular campaign leverages a security hole in Java Runtime Environment (JRE) to push malware, users can protect themselves by keeping all critical components patched up at all times and by ensuring that an antivirus solution is constantly running in the background.
Of course, the best thing to do is to ignore such emails altogether. However, since that’s a bit tricky when all it takes to become a victim is to click on a link, the aforementioned advice should keep you safe.