Malware disguised as party invites, holiday hours makes the rounds

ImageQuest, watch out for invite attachments

More ongoing proof that hackers try anything: New emails about a Christmas party or holiday hours could bring disaster.

Hackers invite unsuspecting victims via an email that talks about a holiday party or holiday hours in the body of the email. It comes with an attachment the victim believes lists a party menu, or a specific holiday schedule.

But in fact, the attachment contains malware. It looks like a Microsoft Word document. When users click on it, a message pops up asking the victim to “enable editing” or “enable content.” reports that when a user clicks to enable editing or content, that is actually a command to install malware. Many times the malware is a trojan known as Emotet.

“Once Emotet is launched, your computer will be used to send further spam, download TrickBot to steal your data, and possibly end with a ransomware stocking stuffer,” BleepingComputer said.

While most Christmas invites have been sent, these hackers are likely to repeat this ploy in 2020. So be careful – if your email security misses this nasty little “gift” ( i.e. you haven’t done your software updates in a while) watch out.

Don’t click – and definitely don’t enable. Happy Holidays!

Scroll to Top