Threat Alert: Phishing Emails Trick Recipients into Installing Malware

• A series of phishing attacks are sending out malicious attachments.
• The attachments, when opened, load a spoofed Microsoft Word document hidden behind an error message.
• The pop-up error message contains instructions on remediating the apparent issue by running a script on the recipients device. 
• The script is malicious and leads to installing malicious software (malware) on the user’s device.

Key Action: Report Suspicious Emails 

• Verify the legitimacy of any unsolicited/unexpected email before you interact with it, especially if it directs you to click on a link or asks you to download an attachment. It can be tempting to click on a “call to action”. Remember to verify unexpected attachments before you download them.
• Never follow instructions associated with unexpected messages. Never open, preview, or download an unexpected attachment, and never follow instructions that pop-up when opening a document on how to view the attachment. These actions can expose you to malware.
• Report ANY suspicious emails using the Phish Alarm button.