Email Phishing Via Bogus Attached HTML Forms
- Most browsers now include a system that warns users if they are about to open a phishing website. Web addresses are checked against a list of known scam sites, and, if the address matches, a warning will be displayed.
- Scammers bypass these warnings by sending bogus forms as HTML email attachments. When opened, the attached files load in the user's web browser and look like a normal web page, but they will not trigger a browser phishing warning.
- Any message that asks you to provide personal or financial information via an HTML form in an attached file should be treated as highly suspect.
Most modern browsers have built-in mechanisms that try to protect users from phishing scams. If a user clicks a link in a reported phishing scam email, the browser will display a page that warns that the user is about to go to a fraudulent website. The warnings very clearly explain the possible dangers of proceeding.
These systems check the clicked URL against a regularly updated list of phishing sites. Of course, if a phishing site has not yet been reported and listed, the browser will not display a phishing warning and, unfortunately, many people still get caught out. Nevertheless, the systems do effectively thwart many scam attempts.
To overcome this impediment to their nefarious schemes, phishing scammers commonly send their fake forms via email attachments. When opened, the HTML attachment will load the fake form in the user's browser and it will appear like a normal webpage. And, like a "normal" phishing page, any information submitted on the fake form will be sent to criminals. But, because it was delivered as an attached file, the form will not normally be included on the browser's list of phishing sites and, therefore, no warning will be displayed.
No legitimate entity is ever likely to expect its users to provide login credentials and other sensitive personal and financial information via an HTML form contained in an attached file. Such forms will not be secure, as all forms that collect sensitive information certainly should be.
So, any message that asks you to provide personal and financial information by filling in such a form should be treated as extremely suspect. If you do open an attached file and it loads a form in your browser that asks for your account username and password and/or identification information and financial data, back out fast! DO NOT proceed.
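For mail administrators, the delivery trick described above is easy to check for at the gateway: an HTML attachment that contains a form, especially one with a password or payment field, is exactly the pattern the article warns about. The following is an added example (not code from the original article or from Hoax-Slayer) that parses a message with Python's standard library and flags such attachments; the sample message, the field-name list and the `example.invalid` form target are constructed for the demonstration.

```python
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from html.parser import HTMLParser

# Field names that suggest a credential or payment form (assumed word list).
SENSITIVE_NAMES = {"password", "passwd", "pin", "ssn", "cardnumber", "cvv", "account"}

class FormScanner(HTMLParser):
    """Records <form> targets and any <input> that collects sensitive data."""
    def __init__(self):
        super().__init__()
        self.form_actions, self.sensitive_inputs = [], []

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "form":
            self.form_actions.append(a.get("action", ""))
        elif tag == "input":
            name = a.get("name", "").lower()
            if a.get("type", "text").lower() == "password" or name in SENSITIVE_NAMES:
                self.sensitive_inputs.append(name)

def scan_message(raw_bytes):
    """Return one finding per HTML attachment that contains a <form>."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_bytes)
    findings = []
    for part in msg.iter_attachments():
        if part.get_content_type() != "text/html":
            continue
        scanner = FormScanner()
        scanner.feed(part.get_content())
        if scanner.form_actions:  # any form in an attached file is suspect
            findings.append({"filename": part.get_filename(),
                             "actions": scanner.form_actions,
                             "sensitive_inputs": scanner.sensitive_inputs})
    return findings

def build_sample(with_form=True):
    """Constructed test message: text body plus an attached HTML file."""
    if with_form:
        html = ('<html><body><form method="post" action="https://example.invalid/collect">\n'
                '<input name="username"><input type="password" name="password">\n'
                '<input name="cardnumber"><input type="submit"></form></body></html>\n')
    else:
        html = "<html><body>Plain newsletter, no form.</body></html>\n"
    msg = EmailMessage()
    msg.set_content("Please open the attached form to confirm your details.")
    msg.add_attachment(html, subtype="html", filename="verify.html")
    return msg.as_bytes()
```

Running `scan_message(build_sample())` reports the attached `verify.html`, its form target and the `password` and `cardnumber` fields, while the same attachment without a form produces no finding; a real filter would quarantine or flag the message rather than just return the list.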
A Hoax-Slayer Nutshell - Editorials, brief hoax and scam related write-ups, interesting factoids, occasional rants and more!
Last updated: September 16, 2013
First published: September 16, 2013
By Brett M. Christensen