ALERT: HTML Attachments
In the past, spam filters have been able to catch most malicious emails based on the types of attachments they carried. These emails try to trick people into opening the attachments, which then download malicious files onto your device. Most of the malicious attachments used in the past were “.DOC” or “.JS” files, used mainly for ransomware attacks.
Now, CyberCriminals are trying to trick spam filters into letting their malicious emails through by sending .HTML attachments, also known as “attackments”.
CyberCriminals are using these attackments for credential “phishing” for a few reasons. Namely:
- Reduced chance of anti-virus detection: Carefully crafted .HTML files can reduce the chances that phishing emails with these attachments will be stopped by email security software or devices. .HTML files are not commonly associated with email-borne attacks (at least, not until recently). .HTML files can be used to embed redirects that can evade antivirus scanners that check only URLs that appear in the bodies of emails. .HTML files can also be used to deliver obscure web pages that might slip past scanners that do check .HTML attachments.
- Users are familiar with these attachments, and usually don’t see them as harmful. Users and employees may be familiar with .HTML attachments, as they are often used by banks and other financial institutions to send secure information and documents. If your company routinely interacts with financial institutions, your employees may view .HTML attachments as simply routine and non-threatening.
Unfortunately, CyberCriminals have recently taken to using .HTML attachments to spoof bank login pages, popular online services, and secure messages from financial institutions (financial institutions often use “.HTML” attachments to send secure messages).
Your spam filters may miss these emails because the attachment is an “.HTML” file.
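For mail administrators, here is one way to triage .HTML attachments for the redirects and spoofed login forms described above. It is an added example, not part of the original alert; the sample message, the `Finder` class and the `scan_html_attachments` function are constructed for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
# Constructed sample (not from the page): no URL in the body, redirect in the attachment.
SAMPLE = """\
From: billing@example.test
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please open the attached secure message.
--b1
Content-Type: text/html
Content-Disposition: attachment; filename="secure_message.html"

<html><head><meta http-equiv="refresh" content="0; url=https://login.example.test/a">
</head><body><form action="https://collect.example.test/post">
<input type="password" name="p"></form></body></html>
--b1--
"""

class Finder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = set()
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            self.findings.add("meta-refresh redirect")
        if tag == "form" and re.match(r"https?://", a.get("action", ""), re.I):
            self.findings.add("form posts to remote host")
        if tag == "input" and a.get("type", "").lower() == "password":
            self.findings.add("password field")
    def handle_data(self, data):  # script bodies arrive here as text
        if re.search(r"(window|document)\.location|location\.(href|replace)", data):
            self.findings.add("script redirect")

def scan_html_attachments(raw):
    """Return {filename: sorted findings} for each .htm/.html attachment."""
    report = {}
    for part in message_from_string(raw).walk():
        name = part.get_filename() or ""
        if name.lower().endswith((".htm", ".html")):
            finder = Finder()
            finder.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
            report[name] = sorted(finder.findings)
    return report
```

The findings are triage signals rather than verdicts, since legitimate secure-message attachments from financial institutions can also contain forms.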
If you receive an email with an .HTML attachment, be wary!
Do not open it unless you know 100% that it is legitimate, have requested the link to be sent, or have verified with the sender that the attachment is legitimate.