Not Emotet again!

Emotet is in the news again, according to the latest information from email security firm Cofense. Emotet is notorious for spreading via phishing campaigns, and this latest campaign sees the group impersonating the IRS.

By all outward appearances, the emails look legitimate. The Emotet gang knows that with so many people feeling harried during tax season, potential victims are much less likely to look closely at incoming emails that claim to have tax documents since they're expecting tax documents anyway.

While the particulars vary from one email to the next, the general gist of emails associated with this campaign goes as follows. "Hi, we're the IRS, and we're contacting your business with some completed tax forms," or, in some variants, "We're contacting you with some tax forms you need to fill out and send back to us."

Again, given the timing of tax season, this is not at all out of the ordinary. A surprising percentage of email recipients are opening the included attachments.

 

Emotet is thorough and very effective

Simply opening the emails won't doom you, but if you enter the password required to unlock the file attached to the email, you will doom yourself. Emotet will be installed in the background along with whatever additional malicious payload the hackers want to inflict on you.

In addition, the malware will rifle through your address book, absconding with the email addresses belonging to your contacts. It does this so it can use those addresses in future reply-chain attacks, thus extending the longevity of the campaign.

There's no good defense against this kind of attack except for vigilance. The standard email defenses apply here. Never open an attachment from someone you don't know. In cases where the sender seems to be a government agency, call to verify that they have sent you something that needs your attention, and examine the email closely.
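To back that vigilance with a mail-triage check, the sketch below flags the two traits described above: a sender name posing as the IRS and an attachment that needs a password to open. It is an added example, not code from the original post or from Cofense. It assumes the locked attachment is a ZIP archive, which the post does not state, and the function names, addresses and sample message are constructed.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

def zip_is_encrypted(data: bytes) -> bool:
    """True if any archive member has ZIP general-purpose flag bit 0 (encrypted) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False

def triage(raw: bytes) -> list:
    """Return the reasons a message should be held for review (empty list = none)."""
    msg = message_from_bytes(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    name = display.lower()
    findings = []
    claims_irs = "irs" in name.split() or "internal revenue" in name
    if claims_irs and domain != "irs.gov" and not domain.endswith(".irs.gov"):
        findings.append("From name claims IRS, sender domain is " + repr(domain))
    for part in msg.iter_attachments():
        # Scanners cannot look inside an encrypted archive, so the lock itself is the signal.
        if zip_is_encrypted(part.get_payload(decode=True) or b""):
            findings.append("password-protected archive " + repr(part.get_filename()))
    return findings

def constructed_sample(sender: str, encrypted: bool) -> bytes:
    """Constructed test message; the ZIP holds one harmless text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("form.txt", "placeholder")
    blob = bytearray(buf.getvalue())
    if encrypted:  # set flag bit 0 in the central directory entry only
        blob[blob.rfind(b"PK\x01\x02") + 8] |= 0x01
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, "acct@example.com", "Tax forms"
    msg.set_content("Password for the attached file: 0000")
    msg.add_attachment(bytes(blob), maintype="application", subtype="zip", filename="forms.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(constructed_sample("IRS Online Center <docs@mail.example.net>", True)))
```

The From header can be forged, so a clean result on the domain check does not prove the message came from the IRS; SPF, DKIM and DMARC results still need to be checked separately.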

 

To learn more about Emotet

Jan 2021: World’s most dangerous malware EMOTET disrupted through global action

Oct 2021: Malware Awareness - EMOTET resurges with new detections

Oct 2020: CISA Alert - Emotet Malware

 

My perspective

Be careful out there.

 

You don't want to suddenly realize...
Here's another fine mess you've got me into

 


By Denis Wilson

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support

Thanks for reading this post. I always keep in mind that your time and attention are precious. And these posts need to be timely, to the point, and short.

For more tips on thriving with small business technology, check out the other blog posts at DWPIA Blogs. You can also find me on LinkedIn, Facebook, and Twitter.

I am also a published author and speaker on cloud computing, work-at-home, and cybersecurity. I work extensively with business and professional associations to provide free small business technology education programs.

 

Contact me if you would like me to speak to your association.