Rise in Scam Emails Scripted with HTML Attachments

Usually, phishing attacks depend on a link implemented and designed tactfully to trap users into providing all personal details. Nevertheless, according to a report by security firm Netcraft, over the past, the number of attachments based on HyperText Markup Language (HTML) has increased considerably, as reported in softpedia.com on November 13, 2012.

Recently, according to security experts, Barclay's customers have been identified to be in trap.

The forged email opens with the message that the Technical services of Barclays Bank are set out on a software maintenance program. For the same, the team requests the customers to visit an attached link and start the procedure for the confirmation of online accounts. For the same, customers are required to download a form and do according to the instructions provided in the screen.

The mail ends on an important note that the instruction had been seen to all the customers of the bank and reminds that it is obligatory on their parts to follow the same. It also provides best regards wishes from one of the biggies, Sean Gilchrist.

The form is basically designed to take out all the personal details of the victim. Nevertheless, though the form is stored locally, it is less likely to be blocked through anti-phishing mechanisms. While analyzing the ongoing scam, security experts also came across some of the obfuscated JavaScript employed by the cribs so that the anti-phishing software ignore any fraudulent content.

However, these phishing attacks are still required to send the sensitive data to the fraudster. All these communication is generally undertaken through a postal request to an isolated web server that further processes the information. Still, there is a fair chance for the user to remain protected as this request can be detected and blocked.

"Drop site" phishing attacks are often termed for these types of phishing attacks as it is the only publicly accessible URL that requires all the personal details of the victim. These drop sites are quite tricky to be easily identified in absence of the accompanying phishing mail. Generally, the drop page processes all the personal details of the victim and leaves no indication regarding its true nature. Some of the drop sites even redirects to the real website of the target. This invites suspicion towards the motive of anti-phishing groups though they might not provide enough substantiation for blocking the URL without the accompanied URL.

Related article: RSA Attendees Responsible for Wireless Vulnerability

» SPAMfighter News - 11/20/2012