Find out how the Emotet malware uses email to trick users and what you should do to protect your business.
Australian businesses have been warned that a new wave of email malware is spreading via email.
The Emotet malware attempts to fool you into opening an email attachment. The emails take various forms, but the example published by the Australian Cyber Security Centre (ACSC) looks like this:
According to Tyler Moffitt, security analyst at cybersecurity company Webroot, Emotet emails can also claim to be from one of your email contacts.
"It’s extremely easy for people to fall prey to the Emotet botnet, as carefully crafted phishing emails can even come from trusted email contacts. The trick is simple but incredibly effective – an email from a boss, co-worker, or friend, that might say “here’s a copy of our agreement” or “you missed your package at the post office”. The email attachment is usually a Word document or Excel spreadsheet, asking users to enable content,” Moffitt said.
The attachment could look like a common file format, such as a .doc, .docx or .pdf file, or a website link, according to the ACSC. If you open the file, the ACSC says attackers could gain control of your computer and forward itself to all your email contacts.
To protect yourself and business, the ACSC recommends disabling Microsoft Office Macros, in addition to maintaining firewalls and creating an offline backup of your data. Of course, you should install the latest software patches and cybersecurity updates.
This should also be a reminder that you’re taking a big risk if your staff members aren't cybersecurity-savvy. The ASC provides guidelines about this here. It also provides advice about protect systems and customer data.