Infosec Cloud
Solutions. Services. Training.

The 'chat' from the cloud

Keep up-to-date with the latest trends, hints and tips on cloud-based security

Hidden Dangers of HTML Attachments

Date: May 11, 2016

Category: Blog

Over the last six to nine months, we’ve seen a lot of .DOC and .JS file attachments as malicious attachments, used for mainly ransomware attacks.

However, our researchers have spotted an up and coming trend; malicious HTML “attackments” that are used for credentials phishing. Cyber criminal are using .HTML attachments to spoof bank login pages, popular online services and secure messages from financial institutions.

There are a couple reasons why the cyber criminals have taken a liking to HTML

1. Reduced chance of AV detection

Carefully crafted .HTML files can reduce the chances that phishing emails sporting those attachments will be stopped by email security software or devices. While .EXE and Office files (.DOC, .XLS, etc.) pose obvious threats in a Windows environment and have a long history of being used in malspam (malicious spam email), .HTML files are not commonly associated with email-borne attacks — at least not recently (several years ago they were being used to deliver malicious Javascript). Moreover, .HTML files can be used to embed URL redirects to evade AV scanners that check only URLs that appear in the bodies of emails. HTML files can also be used to deliver obfuscated web pages (usually base64 encoded) that might slip past even scanners that do check .HTML attachments.

2. User familiarity

Although your users and employees may not recognise the potential threat of .HTML attachments, that doesn’t necessarily mean they aren’t familiar with them. HTML attachments are commonly used by banks and other financial institutions to deliver secure documents and messages as well as to enable users to conduct banking business in a secure environment.

User Education is your best defence:

Inevitably, your filters are going to miss some of these, and we suggest you send the following to your employees as part of your ongoing awareness campaign:

Internet criminals never stop trying to get past our spam filters and trick you into clicking on phishing links or opening malicious email attachments.

This is a warning against a new type of attack that uses an HTML attachment which tries to scam you into entering your user name and password.

HTML attachments are often used by banks for secure messages, so you might think that these are always safe. They are NOT. If you get an email with an HTML attachment, be just as careful as always and do not open it unless you have asked for it, or have verified with the sender that the attachment is legitimate.

Remember: Always Think Before You Click!

Regular Security Awareness Training is critical to ensuring that your employees recognise and correctly respond to the actual threats they will encounter. Find out how affordable this is for your organisation  – less than £1/user/month.Get a Quote orange button image

If you do not like to click on redirected buttons, here is a link you can cut and paste:

Comments are closed.

  • Employee GDPR Awareness Training

  •  Identity-as-a-Service (IDaaS) solution

  • Tokenless Strong Authentication (MFA)

  • Next Gen Endpoint Security

  • Enquiry LinkedIn Spiceworks