A new kind of phishing attack is built on server-parsed HTML (SHTML) files. The attack arrives as an email attachment; users who open it are instantly diverted to a malicious site, which then asks them for sensitive and personal information.
At the beginning of April, the Mimecast Threat Center team were alerted to the issue. Tomasz Kojm, senior engineering manager at Mimecast, commented: "This seemingly innocent attachment redirecting unsuspecting users to a malicious site might not be a particularly sophisticated technique, but it does present businesses with a big lesson. Simple still works. That’s a huge challenge for organisations trying their best to keep their systems secure."
This rare type of phishing mainly targeted the UK (55 percent), Australia (31 percent) and South Africa (11 percent), primarily in the finance, accounting and higher education sectors. The Mimecast team used critical threat intelligence to write detection code that pinpoints every email containing this specific SHTML attachment, so Mimecast’s gateway is able to identify and intercept any email that uses this phishing technique. In the two months since the defence went up, over a hundred thousand users have been protected from this phishing attack, saving them from possible financial losses.
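One way to express the kind of gateway check described above, as an added example (not Mimecast's detection code): it flags SHTML attachments whose body contains an instant-redirect construct. The redirect patterns, the MIME type check, the helper names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Assumed indicators of an instant redirect; the article does not say which
# mechanism the attachments used.
REDIRECT_PATTERNS = {
    "meta-refresh": re.compile(r"<meta[^>]+http-equiv\s*=\s*[\"']?refresh", re.I),
    "script-location": re.compile(
        r"(?:window|document|top|self)\.location(?:\.href)?\s*=(?!=)"
        r"|location\.replace\s*\(", re.I),
}
SHTML_EXTENSIONS = (".shtml", ".shtm")
SHTML_TYPES = {"text/x-server-parsed-html"}  # assumed MIME type for SHTML

def scan_message(raw):
    """Return one finding per SHTML attachment in a raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        ctype = part.get_content_type()
        if not (name.endswith(SHTML_EXTENSIONS) or ctype in SHTML_TYPES):
            continue  # only SHTML attachments are in scope here
        # decode=True undoes base64 / quoted-printable transfer encoding
        body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        hits = sorted(k for k, rx in REDIRECT_PATTERNS.items() if rx.search(body))
        findings.append({"filename": name, "content_type": ctype,
                         "redirects": hits, "quarantine": bool(hits)})
    return findings

def build_sample(filename, html):
    """Constructed test message: plain-text body plus one HTML attachment."""
    m = EmailMessage()
    m["Subject"] = "Payment advice (constructed sample)"
    m.set_content("Please see the attached document.")
    m.add_attachment(html, subtype="html", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    redirect = ('<html><head><meta http-equiv="refresh" '
                'content="0; url=https://login.example.invalid/"></head></html>')
    for finding in scan_message(build_sample("Invoice.SHTML", redirect)):
        print(finding)
```

A production gateway would also act on SHTML attachments that carry no recognised redirect, since a legitimate sender rarely has reason to mail one.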
A report from Mimecast about the attack stated that "Phishing is an increasingly common and widespread problem that isn’t going away anytime soon." To avoid these attacks and protect your finances, it is best not to open email attachments unless you have been told about them beforehand or are sure they are legitimate. Kojm suggested, "If in doubt, follow the basic rule to ignore, delete and report." For big companies, he also recommended training "every employee so they can spot a malicious email the second it arrives in their inbox."