An estimated 100 million email messages sent last month claimed to be from Amazon and contained ransomware installers. Some had infected Word document attachments and others had malicious Javascript attachments claiming to be updates to Amazon shipping orders.
These emails fit the familiar profile of appearing to come from a major Internet company with attachments relating to customer accounts. They reinforce the basic rule:
"Don't open an email attachment unless you expected to receive it and are sure of source. If you have any doubts, check with the sender directly to make sure it is something you need to open."
The more urgent or enticing the email, the more suspicious you should be.
This particular attack used sophisticated spoofing techniques to make it appear that the emails originated from Amazon.