Finance

Phishing with SHTML Attachments

16 - 23 July 2019

An ongoing phishing campaign is using server-parsed HTML (SHTML) file attachments
Cyber_News_Finance

An ongoing phishing campaign is using server-parsed HTML (SHTML) file attachments for directing victims to malicious sites that ask for sensitive and personal information. SHTML files are typically used on web servers and rarely seen as a conduit for phishing attacks. In this campaign, users are tricked into opening the SHTML attachment as the phishing email is crafted to look like a receipt for a large payment. When activated, obfuscated JavaScript code within the SHTML file will divert victims to phishing sites for harvesting users’ information and login credentials. More than 100,000 users have been targeted, of which the majority are from the finance industries in the UK, Australia and South Africa.

 

References:

New Phishing Attack Emerges Using SHTML File Attachments

More Weekly Cyber Newsanalysis and insights

Ensign Consulting

Enhancing your security posture, developing your cyber strategy, and designing your incident response plans.​

Ensign Systems Integration

Architecting and implementing cybersecurity solutions that bolster defences

Ensign Managed Security Services

Managing your security operations for advanced threat detection, continuous monitoring, and triage services

Ensign Labs

Performing deep research to analyse vulnerabilities, deploy advanced threat hunting and provide cyber threat intelligence