Security News > 2022 > May > HTML attachments remain popular among phishing actors in 2022
HTML files remain one of the most popular attachments used in phishing attacks for the first four months of 2022, showing that the technique remains effective against antispam engines and works well on the victims themselves.
The phishing forms, redirection mechanisms, and data-stealing elements in HTML attachments are typically implemented using various methods, ranging from simple redirects to obfuscating JavaScript to hide phishing forms.
To evade detection, threat actors commonly use JavaScript in the HTML attachments that will be used to generate the malicious phishing form or redirect.
The use of JavaScript in HTML attachments to hide malicious URLs and behavior is called HTML smuggling and has become a very popular technique over the past few years.
In November, we reported that threat actors used morse code in their HTML attachment to obfuscate a phishing form that the HTML attachment would display when opened.
HTML attachment distribution was first seen spiking in 2019, but they remain a common technique in 2022 phishing campaigns, so they should be seen as red flags.