HTML attachments remain popular among phishing actors in 2022

[LASER_oneXM]

Content source

https://www.bleepingcomputer.com/news/security/html-attachments-remain-popular-among-phishing-actors-in-2022/

HTML files remain one of the most popular attachments used in phishing attacks for the first four months of 2022, showing that the technique remains effective against antispam engines and works well on the victims themselves. HTML (HyperText Markup Language) is a language that defines the meaning and structure of web content. HTML files are interactive content documents designed specifically for digital viewing within web browsers.

In phishing emails, HTML files are commonly used to redirect users to malicious sites, download files, or to even display phishing forms locally within the browser.
As HTML is not malicious, attachments tend not to be detected by email security products, thus doing a good landing in recipients' inboxes.

Statistical data from Kaspersky indicates that the trend of using HTML attachments in malicious emails is still going strong, as the security company detected 2 million emails of this kind targeting its customers in the first four months of the year.

The numbers culminated in March 2022, when Kaspersky's telemetry data counted 851,000 detections, while a drop to 387,000 in April could be just a momentary shift.