Spammers do not always need to invent new strategies to reach a user's inbox; they know that existing tactics can be reused with better results. They are now reusing the tactic of attaching HTML files to their spam messages, this time in aid of the 419 spam category. This tactic began with simple phishing attacks, followed by a variation using URL encoding of HTML code, and was also observed in email-harvesting attacks. When we discussed this trend in earlier blogs, we noted that these types of attacks may not be restricted to phishing alone. We are now seeing them extend to other malicious activities.
We are currently observing 419 spammers using HTML attachments in the hope of reaching a user's inbox. We have not found any major differences in the messages inside when compared to similar attacks carrying DOC/RTF/TXT attachments.
We opened the attachment to examine the actual message.
Some sample subject lines associated with these attacks are listed below:
The email body in this attack normally asks the user to open/download/view/read the attached file. This is quite similar to what we see with attacks containing DOC/RTF/TXT attachments. Some sample “call to action” lines are as follows:
Here are some sample names of the attached HTML file:
We remind users not to casually open attachments, especially if the emails originate from an unknown source. With 419 spam messages in particular, email users should not respond to fake appeals or show interest in any of the moneymaking offers.
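Because the message inside the HTML attachment does not differ much from the DOC/RTF/TXT variants, a mail filter can extract the attachment's visible text and pass it to the same content rules. The sketch below is an added example, not code from the original post: the function names, the sample message, the `document.write(unescape(...))` wrapper used to illustrate the URL-encoded variation, and the threshold of four escapes are all assumptions.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import quote, unquote

# Quoted string literal made of %XX escapes (assumed form of the URL-encoded variation).
ENCODED = re.compile(r"""["']((?:%[0-9A-Fa-f]{2}|[^"'%])+)["']""")

class VisibleText(HTMLParser):
    """Collect text a reader would see, skipping <script>/<style> bodies."""
    def __init__(self):
        super().__init__()
        self.parts, self.skip = [], False
    def handle_starttag(self, tag, attrs):
        self.skip = tag in ("script", "style")
    def handle_endtag(self, tag):
        self.skip = False
    def handle_data(self, data):
        if not self.skip and data.strip():
            self.parts.append(data.strip())

def html_to_text(markup):
    # Decode string literals with 4+ escapes (assumed threshold) and parse them too.
    markup += "".join(unquote(s) for s in ENCODED.findall(markup) if s.count("%") >= 4)
    parser = VisibleText()
    parser.feed(markup)
    return " ".join(parser.parts)

def html_attachment_texts(raw_message):
    """Map each HTML attachment's filename to its visible text."""
    msg = message_from_string(raw_message, policy=policy.default)
    texts = {}
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        is_html = part.get_content_type() == "text/html" or name.endswith((".htm", ".html"))
        if part.is_attachment() and is_html:
            # Assumes UTF-8; also covers .html files sent as application/octet-stream.
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            texts[name] = html_to_text(body)
    return texts

def sample_message():
    """Constructed sample: one plain and one percent-encoded HTML attachment."""
    m = EmailMessage()
    m.set_content("Please open the attached file.")
    m.add_attachment("<p>Constructed lure text</p>", subtype="html", filename="sample1.html")
    enc = quote("<p>Constructed encoded lure</p>", safe="")
    m.add_attachment('<script>document.write(unescape("%s"))</script>' % enc, subtype="html", filename="sample2.htm")
    return m.as_string()
```

The returned text can be scored by whatever rules already handle the body of DOC/RTF/TXT attachments; the HTML is only parsed, never rendered or executed.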