'$100 Amazon Gift Card' Email Scam Promises Fake Rewards
The so-called "$100 Amazon Gift Card" scam is a recent malspam campaign that distributed emails intended to spread the Dridex malware.
To lure users into action, the malicious emails open up with an enticing subject line: "Amazon.com sent you an Amazon Gift Card!"
Everybody likes free gifts, the issue is that almost every time you read about a free gift in your inbox, it will be a scam.
In the case of this scam, the email promises a free gift card if the user follows a link through a button labeled "View details". Clicking that will open up a new tab and download a malicious Office document. Once opened, and if macros are enabled, the malicious document will download the final payload containing Dridex.
The full text of the malicious email is as follows:
We are delighted to enclose a $100 Amazon gift card as our way of saying Thank You.
Ordered on [date]
Order #[numeric string]
$100.00
Amazon Gift Card
View details
Don't have an Amazon account?
Sign up to redeem.
Once applied to your Amazon account, the entire amount will be added to your gift card balance. Your gift card balance can't be transferred to other accounts, used to buy other gift cards, or, except as required by law, redeemed for cash.
Your gift card balance will be applied automatically to eligible orders during the checkout process and when using 1-Click. If you don't want to use your gift card balance on your order, you can unselect it as a payment method in checkout.
This email message was sent from a notification only address that cannot accept incoming email. Please do not reply to this message.
Sold by ACI Gift Cards LLC., an Amazon company.
The first thing you should do when you see similar messages in your inbox is to stop and think for a second before you do anything dangerous, like clicking a bad link. Remember there is no free lunch and every free gift you are promised that seems a little too good to be true is probably a scam.