Home / Uncategorized / Do Not Click a Weird Amazon Invoice — Trojan Horse!
Print Friendly and PDF

Do Not Click a Weird Amazon Invoice — Trojan Horse!

Written by Gary North on May 28, 2012

A site member on GaryNorth’s Specific Answers described what happened to him. He had been hit by a virus. Here is what he reported.

I received an email from Amazon and it looked like the real thing. It showed that someone in Ghana had bought about $53 worth of stuff on my account. It looked like a standard email invoice/confirmation and had a link back to the Amazon site to my account. Since I have an account with them, I thought it was legitimate and I clicked the link to see what was going on with the account.

That’s when the “fun” began. I started getting messages from my anti-virus software that it had detected a virus threat and treated it but the threat kept reappearing with a slightly different file names. It also detected a couple of other threats and took care of them. I was still having problems.

Just to be sure, I ran the Microsoft Malware program (http://www.microsoft.com/security/scanner/en-us/default.aspx). Since I was not sure where the threats were located, I did a full HD deep scan. It took almost three hours but it did find and neutralize two more severe threats.

Just be vigilant and know that these spammers/hackers are getting very sophisticated and beware. This one sucked me in and cost me about 24 hours of time to correct the problem.

Another site member responded.

Thanks for sharing. I’ve had 4 Trojans removed in the last ten days or so. It really seems to be accelerating. I have found Trend Micro the best after trying Norton, MacAfee, Antispyware, and Avira. Only Trend removed the trojans quickly without any input from me.

I immediately recognized this. Earlier in the morning, I got a notice from Amazon about a $66 payment for a Kindle version of The Hunger Games.  I did not understand this. Why would anyone pay $66 for a digital book?

What saved me was that I did not click any link to find out what this was all about. I decided to ask my wife if she had ordered this book. She said no. I put it out of my mind.

I downloaded the free Microsoft program:


I ran it. It told me that there was nothing suspicious on my hard drive. It’s clear that my refusal to click that notice saved me.

If you get such an invoice from Amazon, do not click the link.

For verification, see any of these articles on it: www.bit.ly/FakeInvoiceTrojan Others say it’s malware. In either case, don’t click it.

Print Friendly and PDF

Posting Policy:
We have no tolerance for comments containing violence, racism, vulgarity, profanity, all caps, or discourteous behavior. Thank you for partnering with us to maintain a courteous and useful public environment where we can engage in reasonable discourse. Read more.

22 thoughts on “Do Not Click a Weird Amazon Invoice — Trojan Horse!

  1. There is also one going around regarding acknowledgement the CANCELLATION of your order. I would imagine this is the same scam.

  2. Never click a link. Open a new browser window and go to the Amazon website directly through your account login. The same holds true for banks, Paypal and anything else. Don't click links in emails just go to the sites direct if you think you have business to attend to.

  3. Not to minimize these experiences. A good rule of thumb is to NEVER click a link in an email especially if it looks legitimate. To make sure it is legit, go to your favorite web browser and go to the company that is referred to in the email, in this case amazon.com. Go to your account. If in fact someone from Ghana had hacked your account and purchased books they would be in your "recent orders". If it has been hacked and there is an order. You are at the correct place to stop it. I got this same email. I have also received the same email from American Express, Apple, Intuit, Amazon, paypal and verizonwireless. (All were either phishing or trojan horses. The way to combat them is to forward the email to the respective companies. I have found all the ones I mentioned have a fraud email. Just forward the suspect email to spoof@… (example Spoof@paypal.com) and they will take it from there.

  4. I was bitten by this one also. But I learned. One thing you can do is hover over the link and (in Firefox, at least), it shows the underlying link. This will give you a clue as to whether or not the link is legit. Malware links usually have nothing in common with the Text above it in the email.
    FWIW, I use the Startpage search engine that never records your IP address, and the search list give the option of using a proxy to do your search on your behalf, reporting the results to you, while the target server only get to track it as if it were Startpage that did the search. Some of those sites simply Reset the connection if they can't track you, which tells you all you need to know about them!

  5. kodster says:

    As a customer service representative for Amazon.com, any time you receive an email that looks suspicious, do not hesitate to contact us to verify the email you received. You can log into your account, by going to the site directly, NEVER by clicking the link in the email, and clicking on the Your Account link, which will take you to the link to Contact Us. Using this link will save you time and effort, because WE will call you back, usually within 5 minutes, so you're not sitting there on hold, and then the security verification is completed ahead of time, because you contacted us through your account, which you had to enter your password, etc, to verify you as the account holder. Less frustration. OR you can call us at 1-866-216-1072.

    If you do get an email, please forward it to us at stop-spoofing@amazon.com, so that we can be aggressive in locating who is sending these, and get it stopped.

  6. Jonathan says:

    I might have to disagree with the person in the article who said Trend Micro was the best internet security software. It's been a couple of years since I used them so perhaps things have changed, but Trend Micro did not give very good results for me. I switched to Norton when I built my new computer a year and a half ago and I have not had any major threats hit my system. Norton used to be a huge computer resource hog several years ago and I know some avoided them for that. But they have made some great improvements. I think internet security software companies rise and fall in their levels of effectiveness over time so it's probably always a good idea to do some research every year or two to see who has the best results.

  7. bullrider says:

    There is no ‘best’ program for preventing / removing viruses and trojans. Some programs will pick up malware others miss; some will ‘false positive’ where others don’t. I’m a systems analyst and work in a sizeable IT department and I’ll offer my input:
    1. We moved to Symantec (Norton) anti virus on our system two years ago and I HATE it. It is an extreme resource hog. It may be effective but it’s much like strangling someone to keep them from breathing polluted air.
    2. It is possible to get excellent protection by using totally free applications. Microsoft Security Essentials is very good (not perfect, nothing is). I have the SuperAntiSpyware program installed and it scans my system at intervals. The Malwarebytes application is one of the best and I keep it installed and updated and run it periodically to ‘deep scan’ my system. I have seen it find and fix things that other programs didn’t.
    3. The best protection is COMMON SENSE! If you are being asked to click on a link to get something that sounds good that you didn’t expect you were getting, be extremely suspicious! Clicking on a link to see an invoice for something you didn’t buy or a delivery you were not expecting is just plain recklessly stupid. For some reason nearly all of these bogus emails have massive misspellings and grammatical errors that you would not expect any real company to make. LOOK at what the email says, check it like an English teacher would, and you will almost always find numerous errors – a definite tip-off.

  8. bullrider says:

    One more comment, there ought to be one central clearinghouse that you could forward all suspect emails to. Amazon uses ‘stop-spoofing’@…’ others use ‘spoof@…’ etc. and you shouldn’t have to research to see where to send these to have them checked out.

    If we could forward them all to one main address, the government could use their massive snooping computer power to check out THOSE senders and THOSE emails, instead of studying everything we email between our family and friends, as they now do.

  9. griz312000 says:

    I got the one about cancelling my Amazon order. I contacted Amazon customer service and they had numerous reports of the same thing. They do want the emails forwarded to them for their investigation. The address to report these emails is:
    stop- spoofing@amazon.com

  10. Smeethow says:

    Thanks for that tip 🙂

  11. I do tech support for a major consumer anti-virus product line, and running AV software software is only part of what should be your 'safe computing' strategy. Here are the components, in order of importance:

    1. Do NOT click on any link unless you are absolutely sure what it is. This includes attachments, downloads, or software that wants to install (i.e. a search toolbar) as you're downloading something else
    2. Make sure all of your software (Windows, Java, Adobe, etc.) are all running the latest updates and security patches
    3. Install and run a good brand of AV software, keep it updated, know how to tell if it is functioning correctly or not.
    4. Make sure all your important stuff (documents, photos, music, and anything else you don't want to lose) is backed up.

    If you faithfully follow these steps, you will greatly reduce your chance of being infected with malware. I only say "greatly reduce", not "eliminate completely", because there's always the chanced that something will beat the odds and get through, cause havoc, and maybe even destroy your computer. This is the reason for #4.

  12. It really makes me feel for you guys, to hear such horror stories. As a former IT Director and Security Diector, I strongly suggest to my friends who use a PC, that they install an external, UNIX/Linux-based firewall and if it's a laptop that leaves the house/office, they install a non-Mocrosoft firewall application on the laptop, for when they're away from the external firewall. That's still not a cure-all, since Windoze is so full of security holes. But it's a huge improvement over simple antivirus software, which you still need, BTW.

    As for me, this month marks 11 years of using OS X on my various Macs, with no anti-virus software, no firewall, and no viruses. I occasionally have to run Windoze on my Mac, so it can get a virus and often does. But every time I boot Windoze, it boots from a "clean" snapshot, so any viruses that it got the last time I used it, are gone. The worst virus that I ever got was gone in less than a minute, with a simple reboot.

    So while I do feel for you Windoze users, it's hard to feel too much sorrow for you. After all, "you" chose to use Windoze.

  13. What a quaint idea? Why would the government want to use their massive snooping capability to do something that actually helps Americans? They need all that power to seek out those evil American citizens, who dare speak ill of Obama, The Anointed One.

  14. boomer8 says:

    GOOD GRIEF WE GET THIS SORT OF EMAIL ALL THE TIME! From Chase Bank, Bank of America, Wells Fargo, Verizon, etc., even Robert Mueller at the FBI and many places we don't have an account!
    All you have to do is click on the link and your computer is doomed if you don't have a virus protection update on your anti-Virus software!! They use real looking logos and their are quite authentic looking!
    We even got a phone call 2 weeks back from some dude with a Sri Lanka accent claiming he was from MicroSoft and wanting us to get in front of our computer because we "had a virus". Yeah, right. Hung up on his crookedASS. He called back, trying to convince us he was from MicroSoft!!
    Be careful out there, people!!!!

  15. Public Citizzen says:

    There are a couple of solutions to this problem but they involve non-Micro$oft solutions.
    For those of you who insist on using a house of cards, inherently insecure operating system [anything by Micro$oft] you need to install REAL security software. NOD32 by ESET is probably the best out there. They haven't missed a virus or trojan in the wild since their first release, over 10 years ago. Stay away from Norton unless you want your system bogged down to about 50% of the performance you bought your current machine for.
    The better solution is to familiarize yourself with the Linux operating system which is available in several different versions for no-cost download. Linux is inherently more secure than anything ever offered by Micro$oft as it is built from the ground up to be secure, not a continuing heap of patches one on top of another to fix individual exploits and defects.

  16. Thanks for the 'heads up'! I run Microsoft Security Essentials' which (surprise to me) is actually GOOD! I ran several of the other (touted as) good virus/spy software programs over the years and find Microsoft's just as good, maybe better AND it's FREE.

    And I NEVER click a link in MailwasherPro (my mail scanning software). I ALWAYS copy/paste the link into the search engine in my browser. Anyone who clicks a link in their mail scanner OR even in their email program if they have ANY doubt about what it actually is, well they're just ASKING for trouble! You have to be OVERLY careful out there! :o)

  17. I should have added that I also run 'Trojan Hunter' also (runs 24/7) plus a couple of others that run in the background (can't remember the names at this moment). So as good as MSE's is I also employ other software at the same time. ;o)

  18. Hmmm….. I see you're not getting many 'likes' (or dislikes for that matter). Looks like you're pretty much ignored (perhaps because of your condescension?) In case you're not aware EVERYONE isn't a former IT Director or expert. We're just your normal users (whether Apple or Microsoft) and wouldn't know how to stay safe by using an external hard drive (other than for more space…my reason for them). If you REALLY want to be helpful why not explain the process for ANY user, Windows OR Mac?

  19. Cliffystones says:

    For some reason Mac users tend to be harsh towards PC users. I'm not sure why. But I could retort that I don't have the premium cash to spend to support Apple and look cool.

    For those of you who do a lot of work on the Internet there is a cheaper solution. This includes Gary North if he's reading this. PC hardware is cheap. You can get a complete desktop or laptop capable of doing 95% of Internet tasks for under $500. I've seen laptops from Micro Center sell for around $250!

    Get yourself a descent PC/laptop. Make all of your "restore" and "rescue" disks for Windows. Then download a copy of Linux Mint. Burn the download to a blank DVD, reboot to it and install it in a dual-boot configuration. And don't worry, a novice can do the installation. Now when you start the computer you will have a choice to boot into Linux Mint or Windows 7. Choose Linux Mint and use it for Internet browsing. You'll find all of the software you need; web browsers, multimedia, office suite, etc. already installed and free! And no need to run antivirus bloatware either.

    I've been using some flavor of Linux since 2006 almost exclusively. I've only needed Windows for Netflix and some of my employers stuff. Of course if money is no object you can still buy a Mac :).

  20. armedandsafe says:

    I've had a couple of those calls. I usually act very suprised and thell them I'm going over to my computer and to hang on. Then I put the phone down next to the speakers, which will (usually) playing some clasical music.

    After my coffee, lunch and cigarette, I hang up the phone. (Yes, I am a bit evil, but it means they lose the time they would otherwise use to scam several other people.)

  21. And, of course, if you want to really be safe from viruses and trojans…use one of the many Linux distros instead of MicroSoft. Open Source means fewer security holes to exploit.

  22. Most email clients, like Thunderbird, & outlook, if you simply hover over the link and it is not what it says it should be… I delete the message… Then I go to the website myself IE Amazon.com and then look in there, rather than using the supplied link. I get about 20 a day that send me to bad addresses.