After analysing data on the millions of attachments, a team of researchers from Barracuda Networks has found that 21 per cent of all HTML attachments scanned over the past month were malicious and many of these are being used for credential
phishing.
"These attacks are difficult to detect because HTML attachments themselves are not malicious. Attackers do not include malware in the attachment but instead use multiple redirects with Javascript libraries hosted elsewhere," Parag Khurana, Country Manager, Barracuda Networks India, said in a statement.
"Potential protection against these attacks should take into account an entire email with HTML attachments, looking at all redirects and analysing the content of the email for malicious intent," Khurana added.
The malicious HTML attachments include a link to a phishing site, which, when opened, gets redirected to a third-party machine that requests the users to enter their credentials to access information or download a file that may contain
malware.
HTML attachments are commonly used in email communication. These are particularly common in system-generated email reports that users might receive regularly. These messages include URL links to the actual report.
Attackers have been embedding HTML attachments in emails disguised as a weekly report, tricking users into clicking on phishing links.
These are successful techniques because hackers no longer need to include malicious links in an email, allowing them to easily bypass anti-spam and anti-virus policies.