HTML links and files continue to be a frequently employed medium for phishing attacks in 2022, with bad actors relying on their relative innocuous appearance to deceive potential victims.
Bad actors and phishing attacks continue to rise at alarming rates, or at least maintain stagnancy at an alarming peak. Are people getting dumber, or are the individuals behind such acts just getting smarter? Someone such as myself is more inclined to believe the latter, since I work a job that lets me observe and appreciate the Rube Goldbergesque traps that such individuals lay for other to unwittingly stumble upon. Just recently I wrote an article that documented how bad actors managed to employ Google Search in their endeavors by writing articles and webpages with search engine optimization. This way, Google itself would hand potentially dangerous websites to its own userbase, and no one would be the wiser until a week or so in the future when someone finally notices their missing money. However, this example is all about bringing a user closer to the mode of delivery for a phishing link: what about the actual harmful tool itself? Well, that’s where the HTML format proves itself to be indispensable.
HTML files are essentially the equivalent of stuffing a webpage redirect into a document. They’re meant to be viewed via browsers because, at the end of the day, they are just webpages. However, sending users webpages in the HTML format allows bad actors a form of protection that they otherwise would not have. Since HTML files in and of themselves are in no shape or form harmful, the actually harmful URLs and links can be smuggled within them. All a person has to do is cover up the URL in a relatively thick sheet of JavaScript, which most individuals are comfortable with to some extent nowadays, and suddenly the likes of Gmail won’t flag it as harmful spam.
Cybersecurity firm Kaspersky caught on to this new technique being implemented, and conducted a research on just how many such emails are sent out into the world. The answer is quite a lot, with an unexpected climb in numbers during March ’22, followed by a sharp decline in the following month of April. Why there is so much fluctuation, I truly cannot answer. I can, however, ask all online netizens and this article’s readers to stay safe and vigilant online.
Read next: This Report Shows How 2 out of 3 Cyber Security Professionals Are More Stressed Out Than Ever
Bad actors and phishing attacks continue to rise at alarming rates, or at least maintain stagnancy at an alarming peak. Are people getting dumber, or are the individuals behind such acts just getting smarter? Someone such as myself is more inclined to believe the latter, since I work a job that lets me observe and appreciate the Rube Goldbergesque traps that such individuals lay for other to unwittingly stumble upon. Just recently I wrote an article that documented how bad actors managed to employ Google Search in their endeavors by writing articles and webpages with search engine optimization. This way, Google itself would hand potentially dangerous websites to its own userbase, and no one would be the wiser until a week or so in the future when someone finally notices their missing money. However, this example is all about bringing a user closer to the mode of delivery for a phishing link: what about the actual harmful tool itself? Well, that’s where the HTML format proves itself to be indispensable.
HTML files are essentially the equivalent of stuffing a webpage redirect into a document. They’re meant to be viewed via browsers because, at the end of the day, they are just webpages. However, sending users webpages in the HTML format allows bad actors a form of protection that they otherwise would not have. Since HTML files in and of themselves are in no shape or form harmful, the actually harmful URLs and links can be smuggled within them. All a person has to do is cover up the URL in a relatively thick sheet of JavaScript, which most individuals are comfortable with to some extent nowadays, and suddenly the likes of Gmail won’t flag it as harmful spam.
Cybersecurity firm Kaspersky caught on to this new technique being implemented, and conducted a research on just how many such emails are sent out into the world. The answer is quite a lot, with an unexpected climb in numbers during March ’22, followed by a sharp decline in the following month of April. Why there is so much fluctuation, I truly cannot answer. I can, however, ask all online netizens and this article’s readers to stay safe and vigilant online.
Read next: This Report Shows How 2 out of 3 Cyber Security Professionals Are More Stressed Out Than Ever
