WARNING: Sophisticated email scam delivering ‘Emotet’ malware attacks Australian inboxes

Posted by Akankasha Dewan on 25 October 2019 12:45:30 AEDT

MailGuard urges all cyber users to be vigilant when accessing their emails as a widespread email virus is infiltrating Australian inboxes.

This scam is ongoing and is highly sophisticated in nature. It is being distributed via emails originating from a large number of compromised email addresses. Each message purports to be from a different individual or business.

The email body in itself in simple, and directs the recipient to open a Word attachment. This could be in the form of a statement, agreement, invoice, or anything that could require the victim to open the attached Word document.

Here is an example of such an email:

Malware_2510 edited

All these attachments contain a macro. Once unsuspecting recipients open this attachment, they are asked to click on "Enable Content" in Microsoft Word (this is disabled by default for security purposes).

Here is a screenshot of that attachment:

Attachment malware

Upon ‘enabling content’, the macro can run and the payload in the attachment executes. Hackers can then take control of the victim's computer and spread the malware. It is likely that once a user account is infected, the malware will forward itself to all the users’ email contacts, increasing the likelihood of further infection.

This malware is now best known as "Emotet" among other names.

Multiple steps have been taken by the cybercriminals behind this scam to avoid detection.

Besides using a very large number of subjects, body topics and sender emails, cybercriminals have been using a "packer" to update their malware's signature to try to remain undetected by antivirus software.

How can I protect myself from these types of email scams?

Educating staff and employing cloud-based email and web filtering is your first and best line of defence. Compliment this multi-layered defence with on-premise antivirus, anti-malware and anti-spyware solutions. This will go a long way to mitigating the risk from a wide range of email scams.

MailGuard is protecting our customers from being infected by this widespread, sophisticated email scam.

Add MailGuard's cloud-based email and web filtering solution to your business security and stop malicious emails entering your network. Click here to get more information about our cyber-security solutions.

How to prevent malware infection

To prevent malware infection, the Australian Cyber Security Centre (ACSC) recommends you take the following steps immediately:

  • Disable Microsoft Office macros. (Macros are small programs used to automate simple tasks in Microsoft Office documents but can be used maliciously – visit the Microsoft website for information on disabling macros in your version of Office.) 
  • Maintain firewalls.
  • Make sure you have an offline backup of your information.

If you run a business, we recommend you also alert your staff to be aware of any emails that look unusual or suspicious. Refer to ACSC advice, www.cyber.gov.au/advice/improving-staff-awareness

The ACSC has also issued advice to help organisations protect systems and customer data.

More information about this scam can be accessed here: https://www.staysmartonline.gov.au/alert-service/widespread-emotet-malicious-software-targeting-businesses-and-individuals

To reduce the risk of being tricked by one of these scams, you should immediately delete any emails that:

• Seem suspicious and ask you to download files or click any links within an email to access your account or other information.

• Are purporting to be from businesses you may know and trust, yet use language that is not consistent with the way they usually write (including grammatical errors)

• Ask you to click on a link within the email body in order to access their website. If unsure call the company/person directly and ask whether the email is legitimate.


Is your business receiving criminal intent emails?

It's time to get the protection your business needs. 

Cybercriminals use email scams to infiltrate organisations with malware and attack them from the inside. All criminals need to break into your business is a cleverly-worded message. If they can trick one person in your company into clicking on a malicious link they can gain access to your data.

Speak to the MailGuard team today to learn more how MailGuard's predictive and advanced email security can help protect your business for a few dollars per staff member per month. 

Talk to a solution consultant at MailGuard today about securing your company's network. 


Why not stay up-to-date with MailGuard's latest blog posts by subscribing to free updates? Subscribe to weekly updates by clicking on the button below.

Keep Informed with Weekly Updates



Topics: Phishing brand exploitation brandjacking fraud ZeroDay spoofing fastbreak Microsoft Office 365

Back to Blog


    Something Powerful

    Tell The Reader More

    The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


    • Bullets are great
    • For spelling out benefits and
    • Turning visitors into leads.

    Recent Posts

    Posts by Topic

    see all