Cybercriminals sent out tens of thousands of phishing emails mainly to users in the USA. The subject of the email suggests that Amazon has sent a gift card. Once the email is opened, users are tricked into believing that one of the biggest companies in the world has sent them a free gift of $100.
The whole message reads:
We are delighted to enclose a $100 Amazon gift card as our way of saying Thank You
Amazon gift cards looking exactly like the ones you receive from Amazon that deliver a banking malware for the gullible people. They have the correct Amazon logos, order numbers, and so on.
Once an unaware user clicks on the fake gift card, one of the following three banking trojans is installed:
A Word file is downloaded that urges the soon to be victims to enable macros. Once the “Enable Content” button is pressed, payload files of the malware are downloaded onto the device.
Screensaver files containing malicious scripts that are able to evade email security are downloaded.
A file that is embedded in the body of the email is executed as soon as the link is pressed.
This malware targets computers with Windows Operating System, and the main goal of it is to steal banking credentials.
Think Before You Click!