Don't open that Christmas party email - it could be swarming with malware

(Image credit: Shutterstock.com)

Hackers are looking to kill off the Christmas spirit by hiding malware within fake office party emails.

Research from security firm Cofense has uncovered evidence that cybercriminals behind the dangerous Emotet botnet are using holiday-themed phishing emails to trick victims.

Having first appeared around Halloween at the end of October, the company is now warning the same tactic is now being used to lure in workers excited for the holidays with fake emails concerning office Christmas parties.

Tricked

Cofense discovered emails with titles such as "Christmas party next week" that appeared innocent, but came with a macro enabled Microsoft Word attachment disguised as menu options for a festive meal. The messages were often built around templates that came from scrapped inboxes to leverage real email conversations, making them appear legitimate, even featuring translations for different markets.

Asking the user to “enable editing” to view, clicking on the attachment will execute the embedded macros and install the Emotet malware, which could provide various groups with he means to attempt ransomware downloads, more spam and phishing emails.

(Image credit: Pixabay)

Cofense says that despite the low-key deisgn is often a major giveaway to fake emails, especially the use of the outdated .doc Microsoft Word format, as well as a bare-bones design which should have helped it stand out.

However such emails still pose a very valid threats to businesses of all sizes, and should be used in order to help train and improve phishing detections programs across all industries.

"If your phishing defense program is aligned with active threats hitting organizations, then this is exactly the template you should be using to train your users to identify a real phish," Tonia Dudley from Cofense Security Solutions wrote in a blog post outlining the news.

Recent figures from Malwarebytes saw deterctions of Emotet soar 37 percent as cybercriminals look to target a wide range of businesses.

Mike Moore
Deputy Editor, TechRadar Pro

Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK's leading national newspapers and fellow Future title ITProPortal, and when he's not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.