Phishing Attach

Recently, I've been seeing phishing attacks using Web forms attached to emails making the rounds again. This type of phishing isn't so common but is used on occasion, so I want to take this opportunity to remind everyone not to fall for this trick.

Common phishing attacks include emails purporting to be from legitimate entities like financial instituions, auction sites, and SNS sites which include links to Web sites set up by the attacker to steal user information.

In this case, however, the phishing site arrives as an email attachment rather than a link to the site included in the body of the email.

Here is what one of the emails looks like:

And the attached HTML file looks like this:

When the form is filled out and submitted, the information is relayed to an external server prepared by the attacker. After the submission is processed, the user is redirected to a real site owned by the bank.

To combat phishing attacks, most web browsers have a security feature that alerts you when there is an attempt to visit a phishing site.  Security products also have the same feature. However, because the phishing site is local in this case, there is no URL that can be blocked. Symantec does, however, block the email as spam, so it's really important that not only do you use antivirus software, but also use spam filtering as well as an IPS and a firewall to ensure the most complete protection from today's threats.