Thanksgiving email scam - How to remove

Thanksgiving is a precious holiday to many Americans, bringing families and friends together around the same dinner table or even virtually. However, at the same time, it is a perfect opportunity for cyber crooks to play a trick on unguarded users with a little bit of social engineering. After all, a heartfelt e-card and email from anyone is a pleasant surprise for most.

Unfortunately, the recent Thanksgiving greeting emails roaming around the net are fake and don't promise anything good. Such a holiday scam is not a groundbreaking event and has been seen before, for example, in Ireland during 2016 Thanksgiving or this year during Fourth of July. Even so, you shouldn't open these attachments because they spread a very dangerous virus: the Emotet Trojan.

If, like most computer owners, you use online banking, purchase things online and log in to your email and other accounts from your computer, letting in the Emotet virus can result in terrible consequences, such as hacked accounts and stolen money. The best you can do to prevent all of this is to avoid falling into the trojan's trap in the first place, and if that fails, to remove it as soon as possible.

How to recognize the fake Thanksgiving email

According to Forcepoint researchers, on November 19th, 2018, Emotet creators delivered over 27,000 malicious emails in under 10 hours, between 07:30 and 17:00, which means that the number now, right before the actual holiday, is even higher. The deceitful email can easily be mistaken for a regular greeting from your friends, family or co-workers, therefore the infection rate should be quite high. On the other hand, with a little more awareness and knowledge of the common signs, these emails can be spotted and removed before they do any damage.

First things first, if you get such a greeting in your inbox, look at the sender. This is not the most accurate way to separate malicious emails from safe ones, because some viruses can gather a victim's contacts and send themselves to those addresses, making it look like your friend just sent you a letter. However, the fact that someone you don't know is congratulating you on Thanksgiving is already a very shady sign. Furthermore, e-card emails usually come from the e-card services' official sites, rather than directly from the user. Another suspicious thing is the content of the message, which is very generic and short, and neither addresses you by name nor has a sender's . For example:

Hi,

In this season of thankfulness, we are especially grateful to you, who have worked so hard to build and create the success of our company. Wishing you and your family a Thanksgiving full of blessings.

Thanksgiving Day Card below.


It is not just the message that seems plain. The subject and the attachment name of the Thanksgiving greeting are built from a few word combinations that are repeated, just in a different order.

Malicious attachment names currently in circulation, which you should be cautious about: Greeting-Card-2018.doc, Greeting-Card-Thanksgiving-Day.doc, Thanksgiving-Greeting-Card-2.doc, Thanksgiving-Congratulation.doc, Thanksgiving-Day-greeting-card.doc, Thanksgiving-wishes.doc, Thanksgiving-Day-eCard.doc, Thanksgiving-ecard.doc, Thanksgiving-Day-Card.doc, Thanksgiving-Card.doc, Thanksgiving-Day-wishes.doc.

The email subjects that have been noticed spreading the virus: The Thanksgiving Day eCard, Thanksgiving Day email greetings, Congratulations on Thanksgiving Day, Thanksgiving Day Greeting Card, Thanksgiving greetings, Happy Thanksgiving Day wishes, Thanksgiving Day Card, Happy Thanksgiving Message, Thanksgiving email greetings, etc.

If you see an email that contains any of these names, be extremely cautious and do not open the attached e-card. Although the malicious email is still not recognized by anti-spyware programs, judging from the VirusTotal analysis, the majority of antivirus programs respond to the attachment by marking it as malicious.

Statistics show that despite all the information available on how to recognize phishing, there are still plenty of users who fall for this unfortunate scam. If you happen to be one of them, please keep reading to figure out what to do now that the virus is already in your computer.

How dangerous are the Thanksgiving e-card attachments

So curiosity won and you clicked on the malicious e-card. It seemed to be a Word file (it is actually an XML file pretending to be a DOC, because such files hide macros), and it either did not open properly or asked you to enable macros, but still did not show any Thanksgiving greeting afterward. Firstly, e-cards do not come in Word format. Secondly, the reason the .doc file did not seem to work is that it was a setup for the notorious Emotet virus.
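The subject and attachment-name lists above, together with the XML-disguised-as-DOC trait just described, can be turned into a simple mail triage check. The following is an added example, not code from Forcepoint or any vendor; the function names `triage` and `build_sample`, the addresses and the sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators copied from the lists on this page (compared case-insensitively).
ATTACHMENT_NAMES = {n.lower() for n in (
    "Greeting-Card-2018.doc", "Greeting-Card-Thanksgiving-Day.doc",
    "Thanksgiving-Greeting-Card-2.doc", "Thanksgiving-Congratulation.doc",
    "Thanksgiving-Day-greeting-card.doc", "Thanksgiving-wishes.doc",
    "Thanksgiving-Day-eCard.doc", "Thanksgiving-ecard.doc",
    "Thanksgiving-Day-Card.doc", "Thanksgiving-Card.doc",
    "Thanksgiving-Day-wishes.doc")}
SUBJECTS = {s.lower() for s in (
    "The Thanksgiving Day eCard", "Thanksgiving Day email greetings",
    "Congratulations on Thanksgiving Day", "Thanksgiving Day Greeting Card",
    "Thanksgiving greetings", "Happy Thanksgiving Day wishes",
    "Thanksgiving Day Card", "Happy Thanksgiving Message",
    "Thanksgiving email greetings")}

def triage(raw: bytes) -> list[str]:
    """Return the reasons a raw RFC 5322 message resembles this campaign."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = []
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    if subject in SUBJECTS:
        reasons.append("subject on campaign list")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        if name.lower() in ATTACHMENT_NAMES:
            reasons.append(f"attachment name on campaign list: {name}")
        body = part.get_payload(decode=True) or b""
        # The page notes the lure is an XML file pretending to be a DOC.
        is_xml = body.lstrip(b"\xef\xbb\xbf \r\n\t").startswith(b"<?xml")
        if name.lower().endswith(".doc") and is_xml:
            reasons.append(f"{name}: .doc extension but XML content")
    return reasons

def build_sample(subject: str, filename: str, payload: bytes) -> bytes:
    """Constructed test message; the payload is harmless placeholder bytes."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content("Thanksgiving Day Card below.")
    m.add_attachment(payload, maintype="application", subtype="msword",
                     filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample("Thanksgiving Day Card",
                              "Thanksgiving-ecard.doc", b"<?xml version='1.0'?><w/>")))
```

An exact-match list like this only catches the names and subjects already published, so the extension-versus-content mismatch is the more durable of the three signals.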

At the moment, two malware variants are known to spread via these messages: https://www.virustotal.com/ru/file/0ade46a6c13378407ae2bca74c5331335e3238e52ec0d48709fba3c81af13ad5/analysis/ (also named 541086_1_.exe, 8891.exe, teststreet.exe, Standstick41088131.exe) and FOw.exe, which is the Emotet trojan itself.

The first mentioned threat is named Win32/Swizzor.gen, which according to Microsoft.com is a broad term for a generic trojan that connects to the crooks' servers, downloads files to the victim's computer, delivers ads, etc. It can very possibly be related to Emotet itself.

Emotet is a banking Trojan which has all the capabilities to steal credentials, look through browsing history, gather used passwords and logins and bring them to hackers. Unfortunately, this threat has been evolving even more and can now deliver other malware to the compromised computer too. That means that if you get this virus, your bank account and identity are in very serious danger, not to mention possible secondary invasions by ransomware, hijackers, adware, etc. Without a doubt, this is not what anyone would like to deal with during the holiday period. So what can you do?

How to remove Emotet virus from your computer

The Emotet banking trojan, like CamuBot Trojan, JS.Downloader, JackServn and XMRig, is the type of malware that is very hard to discover on your PC, especially if you do not have a trustworthy antivirus. Most likely you'll notice signs like a slower browser and system, more ads or other follow-up viruses that were brought in by the trojan, but not the root cause. However, there is a solution, which you should use in case the Thanksgiving card attachment ends up on your PC or Mac.

We advise you to immediately get a reputable malware removal tool, e.g. Spyhunter or Malwarebytes, and let it take care of the sneaky threat. It will not just hunt down and eliminate Emotet but will also deal with other potential malware that used system vulnerabilities to get in.
