Attackers have been embedding HTML attachments in emails disguised as a weekly report, tricking users into clicking on phishing links
Image for representation: iStock
After analysing data on the millions of attachments, a team of researchers from Barracuda Networks has found that 21 per cent of all HTML attachments scanned over the past month were malicious and many of these are being used for credential phishing.
"These attacks are difficult to detect because HTML attachments themselves are not malicious. Attackers do not include malware in the attachment but instead use multiple redirects with Javascript libraries hosted elsewhere," Parag Khurana, Country Manager, Barracuda Networks India, said in a statement.
"Potential protection against these attacks should take into account an entire email with HTML attachments, looking at all redirects and analysing the content of the email for malicious intent," Khurana added.
The malicious HTML attachments include a link to a phishing site, which, when opened, gets redirected to a third-party machine that requests the users to enter their credentials to access information or download a file that may contain malware.
HTML attachments are commonly used in email communication. These are particularly common in system-generated email reports that users might receive regularly. These messages include URL links to the actual report.
Attackers have been embedding HTML attachments in emails disguised as a weekly report, tricking users into clicking on phishing links.
These are successful techniques because hackers no longer need to include malicious links in an email, allowing them to easily bypass anti-spam and anti-virus policies.
"These attacks are difficult to detect because HTML attachments themselves are not malicious. Attackers do not include malware in the attachment but instead use multiple redirects with Javascript libraries hosted elsewhere," Parag Khurana, Country Manager, Barracuda Networks India, said in a statement.
"Potential protection against these attacks should take into account an entire email with HTML attachments, looking at all redirects and analysing the content of the email for malicious intent," Khurana added.
The malicious HTML attachments include a link to a phishing site, which, when opened, gets redirected to a third-party machine that requests the users to enter their credentials to access information or download a file that may contain malware.
HTML attachments are commonly used in email communication. These are particularly common in system-generated email reports that users might receive regularly. These messages include URL links to the actual report.
Attackers have been embedding HTML attachments in emails disguised as a weekly report, tricking users into clicking on phishing links.
These are successful techniques because hackers no longer need to include malicious links in an email, allowing them to easily bypass anti-spam and anti-virus policies.
Also Read:
ADVERTISEMENT
This story has been sourced from a third party syndicated feed, agencies. Mid-day accepts no responsibility or liability for its dependability, trustworthiness, reliability and data of the text. Mid-day management/mid-day.com reserves the sole right to alter, delete or remove (without notice) the content in its absolute discretion for any reason whatsoever.
"Exciting news! Mid-day is now on WhatsApp Channels 
Subscribe today by clicking the link and stay updated with the latest news!" Click here!
Subscribe today by clicking the link and stay updated with the latest news!" Click here!
