Skip to main content
Customer Support Customer Support

Amazon Users Targets of Massive Locky Spear-Phishing Campaign

  • May 26, 2016
  • 10 replies
  • 4 views
Jasper_The_Rasper
Moderator
Forum|alt.badge.img+54
By Tom Spring May 26, 2016
 
                                            


 
Amazon customers were targeted in a massive spear phishing campaign where recipients received Microsoft Word documents with a macro that triggered downloads of the Locky ransomware. Researchers at Comodo Threat Research Labs say it is one of the largest spam ransomware campaigns this year.
 
Fatih Orhan, director of technology at Comodo and the Comodo Threat Research Labs, said the attack occurred on May 17 and lasted about 12 hours and is estimated to have pushed out as many as 30 million spam messages purporting to be an update from Amazon on a shipping order. Orhan told Threatpost the spear phishing campaign is notable not just because of its size, but also because the attackers were able to manipulate email header data to trick sender policy framework (SPF) controls on email gateways.
 
Full Article
    Dermot7
    Baldrick
    Ssherjj

    10 replies

    Ssherjj
    Moderator
    Forum|alt.badge.img+62
    • Ssherjj
    • Moderator
    • May 26, 2016
    Those creeps! Thanks for the warning and article Jasper. So many Amazon victims...another article for FB.
    IMac 2021 27 in i5 Retina 5, iMac OS Sequoia (15.7.2), Security: iPads, ALIENWARE 15 R6, W11 Microsoft Windows Workstation, x64, Webroot® SecureAnywhere™ Internet Security Complete, Android Samsung Galaxy Ultra Note 23, Webroot Beta Tester
    Baldrick
    Jasper_The_Rasper
    Baldrick
    Gold VIP
    • Baldrick
    • Gold VIP
    • May 26, 2016
    Irrespective of how big & prolific the campaign is does not really matter...it is the general reaction to it. Small or big...proper precautions when receiving email from unknown or unexpected sources is paramount, i.e., delete them...end of story.
    Webroot SecureAnywhere Complete Beta Tester v9.0.24.49, imaged by Macrium Reflect v7.2
    Dermot7
    Jasper_The_Rasper
    Ssherjj
    Ssherjj
    Moderator
    Forum|alt.badge.img+62
    • Ssherjj
    • Moderator
    • May 26, 2016
    What would we all do without all your smart common sense? Thsnk you Baldrick! Definitely do not open these emails;)
    IMac 2021 27 in i5 Retina 5, iMac OS Sequoia (15.7.2), Security: iPads, ALIENWARE 15 R6, W11 Microsoft Windows Workstation, x64, Webroot® SecureAnywhere™ Internet Security Complete, Android Samsung Galaxy Ultra Note 23, Webroot Beta Tester
    Baldrick
    Jasper_The_Rasper
    Baldrick
    Gold VIP
    • Baldrick
    • Gold VIP
    • May 26, 2016
    Ah, but the words of wisdom come from the Maestro...;) (and he knows who he is).
    Webroot SecureAnywhere Complete Beta Tester v9.0.24.49, imaged by Macrium Reflect v7.2
    Jasper_The_Rasper
    Ssherjj
    Dermot7
    Gold VIP
    Forum|alt.badge.img+3
    • Dermot7
    • Gold VIP
    • May 26, 2016
    @ wrote:
    Irrespective of how big & prolific the campaign is does not really matter...it is the general reaction to it. Small or big...proper precautions when receiving email from unknown or unexpected sources is paramount, i.e., delete them...end of story.
    Is it correct, what I recently read that instead of just deleting them, that marking them as Spam will prevent (perhaps with some filtering systems) any further emails from that source? 
     
    Baldrick
    Jasper_The_Rasper
    Ssherjj
    Baldrick
    Gold VIP
    • Baldrick
    • Gold VIP
    • May 26, 2016
    But it depends on whether your email client has a spam facility and if it does then does it work effectively...in my experience this is often not the case. But even if they are marked as spam they should still be deleted without opening...best to be safe than sorry.
    Webroot SecureAnywhere Complete Beta Tester v9.0.24.49, imaged by Macrium Reflect v7.2
    Jasper_The_Rasper
    Ssherjj
    Dermot7
    Gold VIP
    Forum|alt.badge.img+3
    • Dermot7
    • Gold VIP
    • May 26, 2016
    @ wrote:
    But it depends on whether your email client has a spam facility and if it does then does it work effectively...in my experience this is often not the case. But even if they are marked as spam they should still be deleted without opening...best to be safe than sorry.
    Yes I agree, but if (like in my case) I don't have an email client installed, and log-in online to my account then my suggestion may work with the system they use, if I've explained that correctly. Does that make sense?  
     
    Baldrick
    Jasper_The_Rasper
    Ssherjj
    Baldrick
    Gold VIP
    • Baldrick
    • Gold VIP
    • May 26, 2016
    It does...but I would still delete the offending emails from your inbox even if held with your ISP. Better safe than sorry. ;)
    Webroot SecureAnywhere Complete Beta Tester v9.0.24.49, imaged by Macrium Reflect v7.2
    Jasper_The_Rasper
    Ssherjj
    Dermot7
    Gold VIP
    Forum|alt.badge.img+3
    • Dermot7
    • Gold VIP
    • May 26, 2016
    @ wrote:
    It does...but I would still delete the offending emails from your inbox even if held with your ISP. Better safe than sorry. ;)
    Oh yes...I'm saying mark as Spam, then Delete, and of course avoid opening anything suspect etc. 😉
    Baldrick
    Jasper_The_Rasper
    Ssherjj
    Yankeelady2015
    Community Leader
    Forum|alt.badge.img+25
    Wow ? what an article!  "a macro that triggered downloads of the Locky ransomware" they are sneaky.   what next?   The black hole should swallow up these type of people who try and suceed to reak havoc on pc systems.  I'm glad I have Webroot :D
     
    Thanks for the interesting read.
     
    Julie
    ·.·´¯`·.· Julie ·.·´¯`·.·😉 "You tried all the rest, now experience the Best, WEBROOT SECURE ANYWHERE"!
    Dermot7
    Jasper_The_Rasper
    Terms & ConditionsAccessibility statement