The bait is a fake eFax. The link in the message points to a page where you can choose your provider and enter sensitive data, which will be stolen.
Technical analysis by the Malware Hunter JAMESWT
Emotet hits back with the malspam campaign that exploits real stolen email conversations. New messages with compressed attachment, which contains a .doc file. This, if opened, contacts a link from an internal list that downloads the malware from the Epoch 2 botnet
Emotet hits back with a new malspam campaign, which always exploits stolen email conversations. The messages are accompanied by compressed documents (.zip), which contain a .doc file. This, if opened, contacts a link from an internal list that downloads the malware from the Epoch 2 botnet. Emotet is a banking trojan to which modules have been added over time that allow it to steal passwords stored in the victims’ software, infect other computers connected to the same botnet and reuse the emails for subsequent spam campaigns.