It has come to our attention that there has been a resurgence of activity on the Internet associated with a malware strain called Emotet.
The latest version of Emotet is able to steal actual email text, attachments and contacts from its victim, and then insert itself into an email thread. If the email and attachment is something you recognize and is from someone you know, it obviously looks much more legitimate. This makes it more likely that you will be fooled by the malware and click a link or execute a program that will then infect your PC.
One of the ways that Emotet spreads is by trying to get you to execute a macro in a Microsoft product like Microsoft Word. This is a common tactic that has been used before, which is why macros are generally disabled by default in Microsoft. So, be especially careful when opening an attachment if it contains macros and requests that you enable them.
You can search for more information about Emotet or other online threats using your search engine of choice (Google, Bing, etcetera).
Here are some other general safety tips you should always keep in mind to help keep your account and system secure.
In addition to being careful about macros, avoid opening attachments that end in .exe, .vbs, .bat, .pif, .cmd and .scr, since these are executable file types that are commonly used to spread viruses and worms. Viruses with these file extensions can also be hidden in a compressed (zipped) file with an extension like .zip or .gz. So, if you unzip a file that was sent to you, and one of the unzipped files is an executable with an extension like .exe., .vbs, etc., do not click it unless you know for sure that it is legitimate. It is unlikely that someone you know will send you an executable file like that.
Please be sure that you have up-to-date virus protection software installed on your PC, which will help protect against some of these threats.
Finally, remember that we will never ask you for sensitive information via email, nor will any reputable business. If you receive an email asking you to provide your password, credit card or bank account information, social security number, or other personal information, delete the message. Phishing messages can look very convincing. Often they will link to a website to collect the information. If it is a company you do business with, and there is any question as to the legitimacy of the message, call the company requesting the information using a phone number from a recent bill, not from the email message you received requesting the personal information.