Microsoft warns you to watch for malware disguised as holiday shopping email

Laurent Giret

As many shoppers are expected to take advantage of the various Black Friday deals available at online retailers this week, Microsoft’s Malware Protection Center is using a new blog post to remind everyone to be careful about increasingly sophisticated ransomware attacks. For those unfamiliar, ransomware is a specific type of malware that stealthily gets installed on your device and then holds your files or operating system functions for ransom. If you fail to recognize fake emails from online retailers, you may well become a victim.

According to Microsoft, a spam campaign using pretty strong social engineering mechanisms is currently targeting Amazon customers. “The fake emails pretend to be notifications from the online retailer that a purchase has been sent out for delivery. To appear legitimate, the emails may also spoof delivery companies.” You can see an example below:

A sample fake Amazon email that also spoofs FedEx as the courier

Usually, these fake emails include an attached ZIP file that contains an obfuscated JavaScript file. If you open this attachment, the script will automatically download the ransomware, which will then take over your PC and personal files. Once the computer is infected, users will see a ransom note similar to the example below:

This ransom note instructs victims to pay to regain access to their files.

If you want to learn how to protect yourself against these kinds of attacks, Microsoft’s Malware Protection Center shared the following tips:

For end users:

  • Use an up-to-date, real-time antimalware product, such as Windows Defender for Windows 10.
  • Think before you click. Do not open emails from senders you don’t recognize. Upload any suspicious files here. This campaign spoofs Amazon and the delivery companies Royal Mail, DHL, and FedEx. The attachment is a ZIP file, which may be a common attachment type, but it contains a .JS file. Be mindful of what the attachment is supposed to be (in this case, most likely a document) and the actual file type (a script).

For IT administrators:

  • Use Office 365 Advanced Threat Protection. It has a machine learning capability to help your network administrators block dangerous email threats. See the Overview of Advanced Threat Protection in Exchange: new tools to stop unknown attacks, for details.
  • Use Windows Defender Advanced Threat Protection to help detect, investigate, and respond to advanced and targeted attacks on your enterprise networks.
  • Use the AppLocker group policy to prevent dubious software from running.

As we’re just ahead of the holiday season, we hope these simple tips will help you go on with your online shopping activities in a safe way.