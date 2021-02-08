While the threat posed by Emotet is now diminished, there are other malware strains that are active, and more threats are to come.

The best way to avoid malware is to exercise extreme caution online. Be wary of every link and every attachment. Nye said that the Emotet malware was distributed through phishing or spearphishing emails, but once it was on a computer, it could use more sophisticated techniques to infect other machines.

One of those techniques is called email thread hijacking. Say you are communicating with a dozen colleagues about an upcoming meeting via email from an infected computer. The cyber criminals could monitor your inbox and send a message to everyone on that email chain with a document that would make perfect sense—such as a draft agenda. Each person on that email chain could then unknowingly download the malware when they open that document. “You really have to question every attachment,” Nye said.

Emotet deployed topical messages as another way to entice computer users to click. Messages with links pertaining to the 2020 election and information about COVID-19 have been effective lures in the last year.

It is important for you to report malware when you discover it. The FBI can support affected organizations as they deal with a cyber intrusion, and every reported incident helps investigators build insight into current cyber methods.

“There is a backbone of global law enforcement and private sector partners that are investigating this and working on getting the full landscape and site picture of malware,” Nye said. “You could be that piece that we’ve been missing.”

Victims can also report malware and other online crimes and scams the Internet Crime Complaint Center at ic3.gov. And take a moment to learn more about how to protect yourself from common online crimes and scams.