Security experts have discovered a new spam campaign that combines brandjacking with a Java exploit. The messages are made to look like order confirmations from popular e-tailer Amazon.com and contain a link to a supposed order made on the site. Recipients who click on it wind up on a malicious site that determines which browser and which versions of Java, Flash and Adobe Reader the visitor has before selecting an exploit to use against them.
Amazon is no stranger to being brandjacked. Its name has been showing up in phishing attacks for years. With its Amazon Prime service making it an even more popular online shopping destination, it’s not surprising that spammers continue to exploit the brand.
So far, tens of thousands of the spam emails have been detected. Fortunately, they are not too difficult to spot. Like many spam/scam emails, they contain misspellings and grammatical errors, things rarely found in legit emails from the company. They are also addressed to “Dear Amazon Customer” or “Dear User” rather than personalized. This is a big red flag. Despite spammers’ increasingly sophisticated techniques, the English and writing skills of many of them remain poor.