HTML Email Attachments Used to Send Malicious Threat

ICS makes it a priority to investigate the newest critical threats to your business network and as a partner we take pride in making sure your corporate network and critical data is secure.

As we have stated in previous blogs, email is the vehicle of most attacks. These emails contain attachment with .js, .DOC and other suspicious extensions. Once clicked, these extensions are capable of infecting business networks with malware, ransomware, Trojans, crypto locker and a wide array of harmful infections.

Over time, many end users have become more aware of suspicious attachments. The attackers have gotten smarter and now scammers have been sending out emails containing harmful .HTML attachments. The reason attackers are having success with this latest campaign is because of the fact that most users do not see .HTML files as being harmful.

Most end users at one point or another have received legitimate .HTML attachments. It is also an extension that is familiar to the eye. Many financial institutions and legitimate businesses use .HTML to securely deliver documents and other important information. Familiarity makes it easier for the end user to drop their guards and click on the attachment.

Everyone must be aware that .HTML attachment are capable of containing the same threats as all the other malicious attachments. This round of attacks, the scammers are mostly using the .HTML attachment in phishing scams. These phishing scams are targeted to get the end user to enter their personal information or credentials into the attachment. When the victim sends the requested information back, they are under the impression that it is going to a legitimate source. Unfortunately this is not the case, it goes directly to the attacker! We have seen instances where the following legitimate companies have been spoofed: JPMorgan Chase & Co, Wells Fargo, Navy Federal Credit Union, Adobe, Gmail, and more.

 It more important, now more than ever, to become familiar with all these threats and the ways your business data can be compromised. We recommend following our blog to stay on top of all the latest scams. Contact us if you are interested in our custom employee phishing awareness training program. It could save your organization from a major data breach with the potential to cripple your network.