HTML files remain one of the most popular attachments used in phishing attacks for the first four months of 2022, showing that the technique remains effective against antispam engines and works well on the victims themselves. HTML (HyperText Markup Language) is a language that defines the meaning and structure of web content. HTML files are interactive content documents designed specifically for digital viewing within web browsers.
In phishing emails, HTML files are commonly used to redirect users to malicious sites, download files, or to even display phishing forms locally within the browser.
As HTML is not malicious, attachments tend not to be detected by email security products, thus doing a good landing in recipients' inboxes.