Published: May 21, 2020 on our newsletter Security Fraud News & Alerts Newsletter.
The beginning of this year started out with a bang for the Emotet malware and its botnet minions. Researchers discovered the well-known banking trojan has evolved and this time botnets are delivering the malware to unsuspecting inboxes worldwide. In their Q1 2019 Threat Report, Proofpoint security discovered botnets were found in 61% of all email payloads from January through March of this year. Emotet botnets were found in the majority of those malicious payloads during that time. Email payloads enable malware infection distribution, as well as containing various types of viruses including ransomware, worms, and other viruses.
Once considered a banking trojan, Proofpoint reclassified Emotet malware as a botnet threat. Emotet is responsible not only for information theft, but for spam distribution, additional malware downloads, and much more. It’s use of botnets to distribute malware means phishing campaigns against massive networks can easily be exploited without its victims being any the wiser. With email still the most common distributor of malware and phishing attacks, Emotet now rents its botnets to cybercriminals who use it to deliver their own email attacks.
With Emotet and many malware campaigns adapting and improving over time, it’s more important than ever for users to keep anti-phishing smarts at the forefront of online activity. With proof that email phishing is still the biggest threat to online safety, the anti-phishing tips listed below will go a long way keeping your inbox safe.
Review your email settings. Set spam and other filters at a level that works for you and keeps your inbox safer.
Don’t be phooled! Email phishing subject lines are designed to get a reaction. Beware of any subject line involving a need for urgent action, promises of contest or gift card winnings, scare tactics, and exploitation of other human emotions. You can be sure a data-stealing rabbit hole is waiting to drag you in.
Any email, especially those with content aimed at getting you to react, that requires opening an attachment or following a link for more information, should immediately be suspect. The attachments may be filled with malware and the links bring users to fake websites that are visually designed to look like what you expect to see.
Your bank and other legitimate businesses never ask for personal information in an email like passwords and account numbers. Instead of handing those over to just anyone, type the true URL into your browser. Upon logging into your account, you’ll be able to see if they really need you to provide sensitive information.
Keep security, operating system, browser, and other software updated as soon as these are available. These updates often include security patches and other tools for keeping safe online.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at firstname.lastname@example.org