Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider
Bookmark and Share





Email Phishing Via Bogus Attached HTML Forms

Main Points

Details

Most modern browsers have built-in mechanisms that try to protect users from phishing scams. If a user clicks a link in a reported phishing scam email, the browser will display a page that warns that the user is about to go to a fraudulent website. The warnings very clearly explain the possible dangers of proceeding.

These systems check the clicked URL against a regularly updated list of phishing sites. Of course, if a phishing site has not yet been reported and listed, the browser will not display a phishing warning and, unfortunately, many people still get caught out.  Nevertheless, the systems do effectively thwart many scam attempts.

To overcome this impediment to their nefarious schemes, phishing scammers commonly send their fake forms via email attachments. When opened, the HTML attachment will load the fake form in the user's browser and it will appear like a normal webpage.  And, like a "normal" phishing page, any information submitted on the fake form will be sent to criminals. But, because it was delivered as an attached file, the form will not normally be included on the browser's list of phishing sites and, therefore, no warning will be displayed.

No legitimate entity is ever likely to expect its users to provide login credentials and other sensitive personal and financial information via an HTML form contained in an attached file. Such forms will not be secure as all forms that collect sensitive information certainly should be.

So, any message that asks you to provide personal and financial information by filling such a form should be treated as extremely suspect. If you do open an attached file and it loads a form in your browser that asks for your account username and password and/or identification information and financial data, back out fast! DO NOT proceed.




Phishing Cat

© Depositphotos.com/bloodua


A Hoax-Slayer Nutshell - Editorials, brief hoax and scam related write-ups, interesting factoids, occasional rants and more!
Read More Nutshells


Last updated: September 16, 2013
First published: September 16, 2013
By Brett M. Christensen
About Hoax-Slayer

Bookmark and Share