Wednesday, 28 October 2015 Thank you for your order! IKEA receipt 607656390.doc Thank you for your order! IKEA receipt 607656390.doc macro malware.

These emails aren't from these companies at all , they are just being used to make the email look more genuine, ie. from a real company.
It's also worth remembering that the company itself  may not have any knowledge of this email and it's link(s) or attachment as it won't have come from their servers and IT systems but from an external bot net and they normally have faked email headers/addresses.

It's not advised to ring them as there won't really be anything they can do to help you.

Subject: Thank you for your order!
Message Body:

Order acknowledgement:

To print, right click and select print or use keys Ctrl and P.
Thank you for ordering with IKEA Shop Online. Your order is now being processed. Please check your order and contact us as soon as possible if any details are incorrect. IKEA Customer Relations, Kingston Park, Fletton, Peterborough, PE2 9ET. Tel: 0203 645 0015
Total cost:
Delivery date:
Delivery method:
We will confirm your delivery date by text,email or telephone within 72 hrs.
Order/Invoice number:
Order time:
8:31am GMT
Order/Invoice date:
Legal information
Please note that this email does not mean that we have accepted your order and it does not form a binding contract. A contract will be formed between You and IKEA at the time we dispatch your order to you, with the exception of made to order sofas and worktops where order acceptance occurs at the point when we send you our Delivery Advice email.
Your order is subject to IKEAs Terms of use and Return Policy

IKEA receipt 607656390.doc
Sha256 Hashes:
Malware Virus Scanner Reports:
VirusTotal Report: [1] (detection 4/56)
VirusTotal Report: [2] (detection 4/56)

Sanesecurity sigs (phish.ndb) detected this as:

Sanesecurity sigs (badmacro.ndb) detected this as:
The current round of Word/Excel/XML/Docm attachments are targeted at Windows users.

Apple and Android mobiles/tablets can open these attachments and may even manage to run the macro embedded inside the attachment but they will be safe

The auto-download file is normally a windows executable and so will not currently run on  any operating system, apart from Windows.

However, if you are an Apple/Android user and forward the message to a Windows user, you will them put them at risk of opening the attachment and auto-downloading the malware.

These word/excel attachments try to download either...

... both of which are designed to steal login information regarding your bank accounts (either by key logging, taking auto-screens hots or copying information from your clipboard (copy/paste))



Maggie1 said...

I have just received one this morning - saw your post so will be deleting pronto


Anonymous said...

received one here this morning as well (28/10/15). email looks very realistic

Anonymous said...

Thanks for the good advice Steve. Much appreciated.

Sally said...

I have just received one too - it certainly does look very genuine from Ikea - all the right logos and details. I wondered if my husband had ordered my Christmas present - but it is far too early so very unlikely.

Thanks for the info, I might well have opened the attachments for this.

Anonymous said...

Received the same one, cheers

Anonymous said...

Thanks for such prompt advice keep up the great work

Craig Bryson said...

I have also just received one this morning, thanks for the heads up.

Anonymous said...

I received this email today with attachment. When viewing the message source this appears to be an IKEA internal scam as the source email address is - So I suspect there is a rogue IKEA employee with a grudge. Same like TALKTALK mess. Pity Sweden will not get to receive all the phone calls from anxious public.

The order amount looks very similar to a recent collected order so I checked for spelling mistakes and authenticity of customer service number. This is a brillant spoof !

Anonymous said...

If I don't download anything can they still get into my account from just looking at email?

Billy Penn said...

I have just received one too. Thx for the heads up

Anonymous said...

Do I need to have clicked on something to be scammed or just by opening it?

Itsme said...

Received this email this morning too, as did my wife. It's very realistic. Thanks for the advice

Amberhawk said...

Chris P

Ditto got one now - thanks for the alert

Unknown said...

Thanks for heads up got 1 this am

Anonymous said...

I received one and opened the attachment like an idiot on a work laptop. IT seem to think I'm protected, but changed all my banking passwords in case!

Lynn Issitt said...

I opened the attachment, so am I at risk now?

Anonymous said...

Good morning,

Received one forwarded from a society website where I have an email address as an officer of the society. I wouldn't dare order anything on the society without authorisation! ;-)

Ratchapon Nunthaporm said...

I also received this ones. Thanks for your advice.

Gavin W said...

Received one of these yesterday, and your post confirmed my suspicions about the file attachment. Many thanks for this - very useful.