Web users are being warned about hoax emails claiming to be from online retailer Amazon.
The emails, which supposedly come from firstname.lastname@example.org, claim to contain an update on a order, along with an attachment. They recommend recipients open the attachment to check on their order.
However the attachment, usually a PDF, is infected with a malicious Trojan that will infect a user's PC if opened.
Security vendor Sophos said it had indentified the attached malicious files as Mal/CryptBox-A and Troj/CryptBx-Zp.
Sophos also said the email contains an Amazon image, which according to Graham Cluley from the security firm, is an attempt by hackers to get recipients to blindly trust the sender and open the attachment immediately, without checking the validity of the email.