Phishing Using HTML and Intranet Security Settings
- Monday, April 16, 2012, 20:10
- Threat Research
Phishers always try to find new ways to bypass security features and trick ‘educated’ users. Over the years we have seen simplistic phishing attempts where the required information had to be typed into the e-mail body. This worked at that time because phishing was new and hardly anyone had a notion of the implications. Later, when spam filters became aware of these kinds of mails, we saw the evolution to direct links in e-mail, then to obfuscated links in e-mail where the e-mails looked professional and had the appearance of official messages from the organization the phishers desire your information from.
One thing stayed the same and that is the language used in the phishing mails. Most often they are not correct in either a contextual way or grammar-wise. Regardless, all these attempts sooner or later will be blocked by spam filters or by the anti-malware products, or by URL reputation schemes such as Google’s Safe Browsing or Microsoft’s Smart Screen. But, too often, some people still fall victim for these phishers. One observation as to why this happens will be described later in this blog.
In the last few weeks, a new approach can be added to the portfolio of phishing attempts. The e-mail is accompanied by an attachment with the extension “htm” or “html”.
Now why would