The holiday season is officially among us. From last-minute holiday shopping to attending countless parties, this time of year keeps users busy. The holiday season is an especially busy time for cybercriminals as well. According to Bleeping Computer, the cybercriminals behind the Emotet trojan have been targeting users with a new spam campaign that impersonates a Christmas party invitation.
How exactly have malicious actors been trying to put a damper on the holiday fun? They’ve crafted phony invites that include a subject line like “Christmas party next week.” Additionally, the invitation asks users to wear their ugliest Christmas sweaters and view an attached party menu. To further disguise this threat, the cybercriminals behind the attack have titled the attached documents “Christmas party.doc” or “Party menu.doc.” If a user opens one of these stealthy Word documents, they are prompted to ‘Enable Editing’ or ‘Enable Content’ to view it. However, if a user enables the content, the Emotet trojan will consequentially be installed. Once this is done, the victim’s device can be used for more malicious attacks such as sending further spam emails, downloading the TrickBot banking trojan to steal user data, and even a ransomware stocking stuffer.
So, what can users do to avoid this unwanted grinch from stealing their Christmas? Check out these tips to protect your security:
- Click with caution. Only click on links from trusted sources. If you receive an email or text message from an unknown sender asking you to click on a suspicious link, stay cautious and avoid interacting with the message altogether.
- Use comprehensive security. Whether you’re using a mobile app to check emails on your phone or browsing the internet on your desktop, it’s important to safeguard all of your devices with an extra layer of security. Use robust security software like McAfee Total Protection so you can connect with confidence.