Have you recently received an email saying, you need to open a file to update your Microsoft Word? Here’s a fair warning for you: do not do it!
Popular malware called Emotet strikes again, with a new template in their disposal. Using Microsoft Word update, it can download suspicious software inside your PC.
Do not update Microsoft Word!
Microsoft Word is one of the most common software inside a computer. Once it needs update, most of us quickly opens it, without thinking if it’s fake or not.
However, here’s the thing you should think about before upgrading Word. Emotet has recently tagged this software for hacking purposes.
Here’s how they do it:
A user will received a fake email from Microsoft with subject line, “Upgrade your edition of Microsoft Word.” Once user clicked it, the email says, “Upgrading your edition will add new feature to Microsoft Word. Please click Enable Editing and then click Enable Content.”
The victim will be then, opens the file and follows the directions. Once clicked “Enable Content”, the malicious macros will execute and then download and install Emotet in a user’s Local App Data folder.
Once clicked, malware finishes its job by downloading other types of malware such as Trickbot and Qbot.
Their main purposes are to steal personal information– bank details, passwords, accounts, etc.
At the time its done, the victim, unknowingly, had already stolen their details. Just by upgrading the Microsoft Word software.
What is Emotet?
Emotet, for those people who don’t know it, is a type of Trojan that primarily sends fake emails for users to purposely download harmful software.
This malware is one of the most common among other hacking mediums out there. It displays different styles of hacking inside victim’s software, without them knowing.
Here are the other hacking styles they’ve done over the past months.
What can they do
For example, 36% of attorney’s firms from the the American Bar Association’s 2019 Legal Technology Survey Report were recently infected with fake emails containing malware, spyware, etc.
The agency blames the Emotet for these spyware content. To make it worse, it is still not confirmed whether they actually steal any information from the attorney’s database.
Another example is when Emotet disguised as Windows 10 Update. They also pose as important invoices, shipping notices, or purchase orders, to get user’s attention.
Currently, Emotet also spreads fake information about Coronavirus pandemic. In this way, people will be forced to open the file.
As of now, it is still unknown who are the cybercriminals behind the malware. Most of hacking techniques relies on spreading emails to get attention from victim, into opening a suspicious file under the email.
How to stop being a victim of Emotet?
In fairness, countries all over the world, have been warned by security agencies against Emotet. Commonly, they post warnings and red flags on how the group attacks software.
By any chance, you’ve received email from Emotet, here are the things you should remember.
- Check the email account of the sender
- Avoid opening emails from unknown senders
- If it’s too good to be true, don’t open it.
- If it implores a sense of urgency, don’t open it.
- Don’t download any files from suspicious emails.