Criminals increasingly turn to malicious HTML file attachments as phish hooks.
Malicious HTML file attachments.
Researchers at Trustwave SpiderLabs have observed a rise in malicious HTML attachments in phishing emails over the past month. Most of these attachments open a phishing page that impersonates a login portal to steal users’ credentials. The researchers note that some of these files will plug the user’s email address into the login field of the phishing page, to trick the user into thinking they had previously logged in:
“Hard-coding the email addresses helps trick the victim into believing they had previously signed-on to the page, since they only need to enter their password. Overall, this tactic makes the email appear more legitimate.”
Attackers are also using HTML smuggling to avoid being detected by email security filters: