Here is the text of an email that has been used to target Amazon Prime members:

Dear customer,

Your Amazon Prime membership is set to renew on [DATE].

However, we’ve noticed that the card associated with your Prime membership is no longer valid.

To update the default card or choose a new one for your membership,

Please find the document attached and follow the on-screen instructions.

To prevent interruption of your benefits, we will try charging other active cards associated with your Amazon account if we can’t charge your default card.

If we can’t process the charge for your membership fee, your Amazon Prime benefits will be suspended.

The message includes an attached PDF file.

There are other versions of this attack out there. Some are poorly-spelled attempts to convince the recipient to click on a link and login to what they think is the Amazon website, but isn’t.

However, in this case the grammar and spelling are fine, and the original message as it appears in your inbox contains correct Amazon Prime logos and graphic elements. This one isn’t trying to weed anyone out—it is designed to convince as many people as possible to open that attachment.

What’s in the attached PDF? Most likely the file is infected with malicious software, something that will either log keystrokes or give someone else access to and control of your computer. It may even contain actual instructions for logging into your Amazon account.

If you are a Prime member, keep track of your renewal date so you will know right away if an email has any chance of being legitimate. But also remember that Amazon isn’t going to send you a message with an attached file. Never open an attachment in an email message you weren’t expecting. Even if you think the card associated with your Prime membership might really be expired, don’t click any links or open attachments, visit the Amazon website directly and login to check.