Phishing Campaign Tricks Users Via SHTML File Attachments


Researchers have spotted another email phishing campaign that lures users with fake bills. What sets this one apart is that it abuses SHTML file attachments in the emails.

Phishing Attack Exploiting SHTML File Attachments

Researchers at Mimecast have come across another phishing campaign targeting users. This time, the attack behaves slightly differently: it uses SHTML file attachments in emails to trick users.

As stated in their blog post, the use of SHTML files is unusual because these files are predominantly associated with web servers. The attack begins in the usual way, with phishing emails sent to the victims. These emails pose as receipts for bill payments, and viewing the receipt requires the user to click on the attachment.

Here’s what the emails look like.

SHTML file billing phishing
Source: Mimecast

Upon clicking the attachment, the victim lands on the actual phishing site, which asks for information. A closer inspection reveals that the attachments help the emails evade URL analysis by antimalware tools. (We previously reported a similar phishing scam evading security measures by masking the URLs in QR codes.)

These SHTML files contain JavaScript code masking the actual URL.

code SHTML file attachments phishing
Source: Mimecast

The moment a user clicks on the attachment, they are redirected to the phishing site, where they are prompted to enter sensitive details.
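Because the link never appears in the message itself, a mail filter has to inspect the attachment and resolve what the script would open. The Python sketch below is an added example, not code from Mimecast or from the original article. The article does not reproduce the script, so the redirect and decoder patterns, the base64 encoding and the `example.invalid` address in the sample are assumptions constructed for illustration.

```python
import base64
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Assumed indicators (the article does not show the script): common JS idioms.
REDIRECT_RE = re.compile(
    r"location(?:\.href)?\s*=[^=]|location\.(?:replace|assign)\s*\("
    r"|http-equiv\s*=\s*[\"']?refresh", re.I)
DECODER_RE = re.compile(
    r"\b(?:atob|unescape|decodeURIComponent)\s*\(|String\.fromCharCode", re.I)
B64_ARG_RE = re.compile(r"atob\s*\(\s*[\"']([A-Za-z0-9+/=]+)[\"']\s*\)")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)


def scan_message(raw_eml):
    """Return one finding per SHTML attachment in an RFC 5322 message."""
    findings = []
    msg = message_from_string(raw_eml, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name.lower().endswith((".shtml", ".shtm")):
            continue
        body = part.get_content()
        if isinstance(body, bytes):  # sent as application/octet-stream
            body = body.decode("utf-8", errors="replace")
        hidden = []
        for blob in B64_ARG_RE.findall(body):
            try:
                decoded = base64.b64decode(blob, validate=True).decode("utf-8")
            except ValueError:  # not valid base64, or not UTF-8 text
                continue
            hidden += URL_RE.findall(decoded)
        findings.append({
            "filename": name,
            "script_redirect": bool(REDIRECT_RE.search(body)),
            "decoder_calls": bool(DECODER_RE.search(body)),
            "visible_urls": URL_RE.findall(body),  # what a URL scanner sees
            "hidden_urls": hidden,  # what the script resolves at run time
        })
    return findings

def build_sample():
    """Constructed sample: receipt-style e-mail with an SHTML attachment."""
    msg = EmailMessage()
    msg.set_content("Please see the attached receipt.")
    target = base64.b64encode(b"https://phish.example.invalid/login").decode()
    html = '<html><script>window.location.href = atob("%s");</script></html>' % target
    msg.add_attachment(html, subtype="html", filename="Receipt.shtml")
    return msg.as_string()
```

An attachment that reports a script redirect and decoder calls but no visible URLs matches the evasion described above and is a reasonable candidate for quarantine or sandbox detonation.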

Dear UK Users, Stay Careful!

According to the researchers, this phishing attack seems to originate from the UK. The largest share of the campaign is also concentrated in the UK, followed by Australia and South Africa.

Overall, 55% of this campaign was distributed in the UK, 31% in Australia, 11% in South Africa and 3% elsewhere.

In South Africa and the UK, the prime targets seem to be the accounting and finance sectors, whereas in Australia the attack seems to target the education sector.

Nonetheless, this doesn’t mean that other users should ignore such phishing campaigns. As always, everyone should remain vigilant when dealing with emails and opening attachments, at both an individual and a business level.


Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world!
