An email shows up in your Inbox from someone you know. It shows their correct email address in the From line. The Subject might be: "Re: Disregard last email." The email has a Word attachment.
At that moment you are distracted; perhaps you are on a conference call or still thinking about something complicated. Without giving it much thought, you open the attachment. Uh-oh!
The Emotet malicious email campaign periodically resurfaces, launching a wave of counterfeit emails.
Emotet uses techniques that evade antivirus products, fooling users into clicking on links and firing off macros in MS Word or Excel documents.
According to Ars Technica:
Another evasion trick spotted in the attached document: excerpts from the Herman Melville classic novel Moby Dick, which appear in a white font over a white page so the text isn’t readable. Some security products automatically flag Microsoft Office files containing just a macro and an image. The invisible text is designed to evade such software while not arousing the suspicion of the target.
These emails can also include your own name in the greeting, unlike most spam and phishing emails. Let the people in your workplace know that emails might be counterfeits carrying malware.
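For defenders triaging attachments, the white-on-white trick quoted above can itself be used as a detection signal. The following is an added example, not code from the original article or from Ars Technica. It assumes an OOXML Word file (.docx/.docm), checks only direct run formatting (not styles), and uses a hypothetical heuristic (macro present and more white text than visible text) on a sample document constructed inline.

```python
import io
import zipfile
import xml.etree.ElementTree as ET  # for untrusted files, prefer a hardened parser such as defusedxml

W = "{http://schemas.openxmlformats.org/wordprocessingml/2006/main}"

def scan_ooxml(data: bytes) -> dict:
    """Count white-font text and check for a VBA project in an OOXML Word file."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        root = ET.fromstring(z.read("word/document.xml"))
    white = visible = 0
    for run in root.iter(W + "r"):
        text_len = sum(len(t.text or "") for t in run.iter(W + "t"))
        color = run.find(f"{W}rPr/{W}color")  # direct run colour only
        if color is not None and color.get(W + "val", "").upper() == "FFFFFF":
            white += text_len
        else:
            visible += text_len
    has_macro = any(n.lower().endswith("vbaproject.bin") for n in names)
    # Assumed heuristic: a macro plus mostly invisible text is worth a closer look.
    return {"has_macro": has_macro, "white_chars": white,
            "visible_chars": visible,
            "suspicious": has_macro and white > visible}

def build_sample(white_text: str, visible_text: str, macro: bool) -> bytes:
    """Build a minimal, constructed OOXML-like archive for the demonstration."""
    ns = 'xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"'
    doc = (f'<w:document {ns}><w:body><w:p>'
           f'<w:r><w:t>{visible_text}</w:t></w:r>'
           f'<w:r><w:rPr><w:color w:val="FFFFFF"/></w:rPr>'
           f'<w:t>{white_text}</w:t></w:r>'
           f'</w:p></w:body></w:document>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", doc)
        if macro:
            # Placeholder bytes only; not a real VBA project.
            z.writestr("word/vbaProject.bin", b"placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    sample = build_sample("Call me Ishmael. " * 20, "Document preview", True)
    print(scan_ooxml(sample))
```

Legacy binary .doc files use a different container format and need a different parser; this check covers the OOXML case only.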