'Thank You For Purchasing' Emails Contain Malware
Emails with subject lines such as 'Urgent Notice' and 'Important Notification' thank you for purchasing with a company and suggest that you open an attached file to review order details. The emails include order totals amounting to several thousand dollars.
The emails are not from any genuine company and the supposed purchase details are not valid. The attached .zip file contains malware.
Identity theft is one of the fastest growing crimes in the world. Learn how to stay safe online with Hoax-Slayer's comprehensive eBook:
Subject: Important Notification B041557794
Thank you for purchasing with us today! Your order is on process at present.
Order Total: 3592 AU Dollars
Please check the word file provided below to view more information about your order.
Order Number: ODI723430099
Order Date: 12.17 Mar 02, 2015
Customer Email: [removed]
Attachment name: Payment details W880742251.zip
Subject: Urgent Notice P414296231
Thanks for purchasing with our company today! Your order is currently processing.
Order Total: 5155 AU Dollars
Kindly check the invoice given below to view more information about this issue.
Order Number: DXX889907299
Purchase Date: 6.46 Monday, Mar 2 2015
Purchaser Email: [removed]
Attachment name: Payment details S411028064.zip
'Thank You for Purchasing ' Emails Claim Attachments Contain Order Info
A series of 'order notification' emails are currently hitting inboxes. The emails thank you for purchasing and claim that your order is being processed. The emails do not name the company that supposedly sent the notifications. Nor do they say what product or service was supposedly purchased.
However, they do include an order total amounting to several thousand dollars along with an order number, order date and customer email address.
They suggest that people check the attached file to find out more information about the purchase.
The emails are formatted fairly professionally and may appear to be genuine at first glance.
Details such as subject lines, order totals, and attachment names may vary in different versions of the emails.
Some have the subject line 'Urgent Notice'. Others may have the subject line 'Important Notification'.
Emails Not Genuine - Attachments Contain Malware
However, the emails are certainly not genuine order notifications and the order details included are not valid.
The criminals responsible for the emails hope that at least a few recipients - panicked into believing that a large purchase has been made in their names - will open the attachment without due caution.
However, the attached .zip file harbours malware. If you unzip the attachment and then click the file inside, the malware may be installed on your computer.
The behaviour of the malware may vary based on the specific goals of the criminals who send it. The malware may collect sensitive information from the infected computer and relay it to scammers. It may also download further malware, and join the computer to a botnet.
Fake order receipt emails are a very common means of distributing malware
. Be wary of any unsolicited email that claims to contain information regarding a purchase you know nothing about. If you receive such an email do not click any links or open any attachments that it contains.
Last updated: March 4, 2015
First published: March 4, 2015
By Brett M. Christensen
Malware Threat Articles