HTML email attachments have become one of the most popular method scammers can employ to obtain your information. These types of attachments continue to be a hurdle in email security because file extensions like .html and .doc can make it through spam filters. This tells us that scammers are becoming more sophisticated with their phishing attempts. HTML attachments may contain malware that can crash your computer or scripts that aid in phishing attempts. Most of us are aware of malware, but what about phishing?
Phishing is defined as an attempt by a person posing as a legitimate entity to obtain login or other personal information. They can do this by the way of email attachments containing various scripts or key loggers. At GXA, we employ spam filters for our clients at the internet level that will block most of these types of attachments. Even with this much protection, the chances are that some will make it through because these types of attachments are difficult to detect by spam filters. This is why attackers have grown fond of HTML attachments to carry out their attacks.
Spoofing and URL redirection are similar threats and can be just as dangerous. For example, think of your last bank statement you received in your email. Did it look legit? You may receive an email that look strikingly similar to communication from your financial institution or any other account. The similarities include logos, wording, and in some cases, they may even have information about you in the email that will make it seem that much more realistic. A spoofed URL is one website posing as another and is usually an attempt to capture login information. Once the email is received, the only defense is a making the right choice. Scammers and attackers rely on lack of awareness for their attempts to be successful.
If you encounter a suspicious email, follow these guidelines…
- Ask yourself. Do I know this sender?
- Communication from banks will have valid certificates.
- Dangerous attachments include .bat, .exe, .html, .js, .zip, and many more…
- Report suspicious emails to IT staff.
To learn more about how we help businesses stay secure and technologically ahead of the curve, click here.