Home Cyber Attack Phishing Campaign Tricks Users Via SHTML File Attachments
Cyber AttackHacking NewsLatest Cyber Security News | Network Security HackingNews

Phishing Campaign Tricks Users Via SHTML File Attachments

by Abeerah Hashim
written by Abeerah Hashim
WHO Coronavirus Phishing

One more phishing scam has caught the attention of the researchers. Again, researchers have caught an email phishing campaign that tricks users via fake bills. However, this one is unique in that it abuses SHTML File attachments in the emails.

Phishing Attack Exploiting SHTML File Attachments

Researchers at Mimecast have come across another phishing campaign bluffing users. This time, the attack exhibits slightly different behavior. Specifically, it makes use of SHTML file attachments in emails to trick users.

As stated in their blog post, the use of SHTML files is weird in that these files are predominantly related to web servers. The attack begins in the usual way – sending phishing emails to the victims. These emails appear as a receipt for some bill payments, viewing which requires the users to click on the attachment.

Here’s how the emails look like.

SHTML file billing phishing

Source: Mimecast

Upon clicking the attachment, the victim reaches the actual phishing site asking for information. A closer inspection of the attachment reveals that these attachments help emails evade URL analysis by antimalware tools. (We previously reported a similar phishing scam evading security measures by masking the URLs in QR codes.)

These SHTML files contain JavaScript code masking the actual URL.

code SHTML file attachments phishing

Source: Mimecast

The moment a user clicks on the attachment, they are redirected to the phishing site, where they should supposedly enter the required sensitive details.

Dear UK Users, Stay Careful!

According to the researchers, this phishing attack seems to originate from the UK. Eventually, a major part of this campaign resides in the UK, followed by Australia and South Africa.

Overall, 55% of this campaign was distributed in the UK, 31% in Australia, 11% in South Africa and 3% elsewhere.

In South Africa and the UK, the prime targets seem to be the accounting and finance sectors. Whereas, in Australia, the attack seems targeted towards the education sector.

Nonetheless, this doesn’t mean that the other users should ignore such phishing campaigns. As always, everyone should remain vigilant while dealing with emails, and opening attachments, both at an individual and business level.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

You may also like

Multiple Vulnerabilities Found In Forminator WordPress Plugin

Palo Alto Networks Patched A Pan-OS Vulnerability Under...

Apple Removed Numerous Apps From China App Store

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall...

Personal Data Exposed in Massive Global Hack: Understanding...

Guardz Welcomes SentinelOne as Strategic Partner and Investor...

Invision Community Vulnerabilities Risk E-Commerce Websites

Microsoft April Patch Tuesday Fixes Dozens of RCE...

Match Systems publishes report on the consequences of...

Cypago Announces New Automation Support for AI Security...