BEWARE: ‘Thank You for Purchasing’ Email Delivers Malware

Don’t be Fooled – ‘Thank You for Purchasing ‘ Email Delivers Malware.

Inboxes all over the world have been hit by another wave of spam emails. This time the modus operandi involves a sequence of “order notification” emails having the subject line “Thank You for Purchasing.”

The email claims that your order is currently being processed. The email raise doubts since the name of the company or sender is not disclosed and the type of product/service that has been purchased is also not revealed in the message. The information it does contain is the total order amount for the product/service purchased.

MUST READ: Android Users Receiving Amazon Gift Card Text Message Contains Gazon Malware

Example email:

beware-thank-you-for-purchasing-email-delivers-malware

There is a suggestion in the email that people open the attached file in order to learn more about the purchase.

Formatting wise the emails appear professional and at first glance completely genuine.

Apparently, the order amount, subject lines and attached files may vary because numerous versions of spam emails are being sent. For instance, some emails show the subject line “urgent notice” while others have “important notification.” 

MUST READ: Phishing Emails & Exploits Used by Attackers to Hijack Routers

Exposing the Malware:

These emails are not genuine and the order details that such emails contain are also invalid.

This is actually malware or spam emails which cybercriminals send to fulfil certain malicious objectives.

This sort of attacks has become a regular occurrence nowadays because cybercriminals hope that a few if not many will get panicked and will open the attached file considering that a large purchase has been falsely made on their behalf.

Hoax-Slayer reports that after opening the attached .Zip file and extracting the file it contains, the computer will instantly be affected by malware.

This malware’s behavior varies according to the core objective of the attackers responsible for sending the emails. It may aim to collect sensitive data from an infected computer and later transmit it to scammers. Alternately, it may also open doors for many more malware to be installed on your computer and link it to a botnet.

You need to beware of this type of email or any unsolicited email that claims that a purchase has been made in your name. This has become the most common and easily detectable form of distributing malware. Never click on or open any attachments, URLs or folders that such an email contains.


Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.