Beware of Fake Invoices in Emails!


One of the latest malware campaigns has evolved so that it not only steals information but could also set the stage for future attacks by other hackers. Emotet began as a banking trojan built to steal sensitive information and has evolved into a trojan that steals information from businesses and individuals everywhere. Now, its operators are leasing out Emotet’s newly developed capabilities.

What does the Emotet Phishing Scam Look Like?

The Emotet trojan is delivered through phishing emails that contain a malicious Microsoft Word document. The subject line uses common terms that suggest invoices and bank details, chosen to grab the attention of employees working in finance. Once the document is opened, the user is prompted to “enable content” to see the document. If the user clicks to authorize, malicious URLs and malicious macros deliver Emotet to the user’s machine. Once Emotet is on the machine, the machine is compromised: sensitive information can be stolen, and the infected machine can also be used to spread more malware.
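For mail filtering or inbox triage, the pattern described above (finance-themed subject plus a Word attachment that carries macros) can be checked mechanically. The following is an added example, not code from the original article; the keyword list, function names and sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed keyword list for finance-themed lures; tune to your own mail flow.
LURE_TERMS = ("invoice", "payment", "bank details", "remittance")
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # header of legacy .doc files

def has_vba_project(data: bytes) -> bool:
    """True if an OOXML Word file (a zip) carries a VBA macro project."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False

def triage(raw: bytes) -> list:
    """Return reasons the message matches the lure pattern (empty = no match)."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = (msg["subject"] or "").lower()
    reasons = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if has_vba_project(data):
            reasons.append(f"{name}: Word document contains a VBA macro project")
        elif data.startswith(OLE_MAGIC) and name.endswith((".doc", ".dot")):
            reasons.append(f"{name}: legacy OLE Word document (may hold macros)")
    # The subject only raises the score when a risky attachment is present.
    if reasons and any(t in subject for t in LURE_TERMS):
        reasons.insert(0, "finance-themed subject line")
    return reasons

def build_sample(subject: str, with_macro: bool) -> bytes:
    """Constructed message: a zip laid out like a .docm, with no real macro code."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"placeholder")
    msg = EmailMessage()
    msg["Subject"], msg["From"], msg["To"] = subject, "a@example.com", "b@example.com"
    msg.set_content("Please see attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="invoice_0412.docm")
    return msg.as_bytes()
```

A match means the message deserves quarantine or a closer look, not that it is Emotet; legitimate macro-enabled documents will also be flagged.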

How popular is Emotet?

At one point last year, almost two-thirds of malicious payloads were due to Emotet-derived phishing attacks. While the use of Emotet declined this past December, it grew again in January with no sign of decreasing. Because Emotet has become a popular botnet, Emotet-containing phishing emails do not come from one particular source. As a result, it has infected Windows machines belonging to both organizations and individuals around the globe. To date, such attacks have been most common in the United States and the United Kingdom and have also appeared in the Philippines, Spain, and India.

To prevent such attacks, it is important both to be aware of the latest scams and to keep your systems continuously up to date by allowing operating systems and software to be patched.


