The email below: "Your Amazon.co.uk Order has Dispatched," has a malicious Microsoft Word document attached. The fake message was designed to trick curious recipients into opening the malicious attachment, by claiming that they have purchased an item from Amazon and they should open the attachment to view delivery estimates and other open orders.
The Fake and Malicious Email Message
Your Amazon.co.uk order has dispatched (#203-2083868-0173124)
Subject: Your Amazon.co.uk Order has Dispatched
From:Amazon.co.uk [auto-shipping @amazon.co.uk] [add contact]
ORDER-203-2083868-0173124.doc (153.5 KB)
Greetings from Amazon.co.uk,
We are writing to let you know that the following item has been sent using Royal Mail.
For more information about delivery estimates and any open orders, please visit:
Your order #203-2083868-0173124 (received October 30, 2014)
Your right to cancel:
At Amazon.co.uk we want you to be delighted every time you shop with us. Occasionally though, we know you may want to return items. Read more about our Returns Policy at:
Further, under the United Kingdom's Distance Selling Regulations, you have the right to cancel the contract for the purchase of any of these items within a period of 7 working days, beginning with the day after the day on which the item is delivered. This applies to all of our products. However, we regret that we cannot accept cancellations of contracts for the purchase of video, DVD, audio, video games and software products where the item has been unsealed. Please note that we are unable to accept cancellation of, or returns for, digital items once downloading has commenced. Otherwise, we can accept returns of complete product, which is unused and in an "as new" condition.
Our Returns Support Centre will guide you through our Returns Policy and, where relevant, provide you with a printable personalised return label. Please go to x to use our Returns Support Centre.
To cancel this contract, please pack the relevant item securely, attach your personalised return label and send it to us with the delivery slip so that we receive it within 7 working days after the day of the date that the item was delivered to you or, in the case of large items delivered by our specialist couriers, contact Amazon.co.uk customer services using the link below within 7 working days after the date that the item was delivered to you to discuss the return.
For your protection, where you are returning an item to us, we recommend that you use a recorded-delivery service. Please note that you will be responsible for the costs of returning the goods to us unless we delivered the item to you in error or the item is faulty. If we do not receive the item back from you, we may arrange for collection of the item from your residence at your cost. You should be aware that, once we begin the delivery process, you will not be able to cancel any contract you have with us for services carried out by us (e.g. gift wrapping).
Please also note that you will be responsible for the costs of collection in the event that our specialist courier service collect a large item from you to return to us.
As soon as we receive notice of your cancellation of this order, we will refund the relevant part of the purchase price for that item.
Should you have any questions, feel free to visit our online Help Desk at:
If you've explored the above links but still need to get in touch with us, you will find more contact details at the online Help Desk.
Note: this e-mail was sent from a notification-only e-mail address that can not accept incoming e-mail. Please do not reply to this message.
Thank you for shopping at Amazon.co.uk
---------- ----------- ----------- ---------- -------
Amazon EU S.C3A0.r.L.
c/o Marston Gate
Ridgmont, BEDFORD MK43 0XP
---------- ----------- ---------- --------- ---------
If the recipients open the malicious email attachment and enable "Editing and Content" in Microsoft Word, the malicious document, using Macros (a set of instructions), will attempt to download and open a virus or some form of malicious program from the website http://ctmail .me/.
The web address or URL where the Macro will attempt to download the malicious file from is:
Note: the cyber-criminals behind this malicious email message may use a different web address or change the name of the file.
The file "1.exe" is the virus or a Trojan horse.
Now, if you have already opened the malicious Microsoft Word document, please do a full scan of your computer with the antivirus software installed on it.
Because, once your computer has become infected with the malicious Trojan horse, the cybercriminals behind the email message will be able to access and take control of your computer remotely from anywhere around the world. They may spy on you, use your computer to commit cybercrimes, or steal your personal and financial information.
If you don’t have antivirus software installed on your computer, please click here for a list of free antivirus software.
For a list of other malicious email messages, please click here.