Amazon customers were targeted in a massive spear phishing campaign where recipients received Microsoft Word documents with a macro that triggered downloads of the Locky ransomware. The attack occurred on May 17 and lasted about 12 hours and is estimated to have pushed out as many as 30 million spam messages purporting to be an update from Amazon on a shipping order. Comodo Threat Research Labs say it is one of the largest spam ransomware campaigns this year. The attackers were able to manipulate the email header to trick users.
Source: https://threatpost.com/amazon-users-targets-of-massive-locky-spear-phishing-campaign/118323/