About UsCareersBlogLog In
Cyber Security ResourceCyber Security Resource
  • Home
  • Products
    • IT Security Partnership Program
    • Cyber Security Resource Community
    • Third Party Risk Management
    • Managed Detection and Response
  • Services
    • Cyber Security Risk Assessment
    • HITRUST Readiness Assessment
    • Cyber Security Advisory Services
    • Penetration Test
    • Vulnerability Assessment
  • Solutions
    • Security Awareness & Training
    • Email Phishing
    • Antivirus – Antimalware
  • Resources
    • Cyber Security Resource Library
    • IT Governance
    • Information Security
    • Risk Management
    • Vulnerability Management
    • Incident Response
  • Partners
    • Consultants Network
    • Sales Partners
Facebook
Twitter
LinkedIn
YouTube
About UsCareersBlogLog In

Fraudsters Use HTML Legos to Evade Detection in Phishing Attack

April 8, 2021AddMgrNo Comments
https://img.deusm.com/darkreading/dr_staff_125x125.jpg

Criminals stitch pieces of HTML together and hide them in JavaScript files, researchers report.

Researchers with Trustwave SpiderLabs are warning of a phishing campaign that employs what it calls “HTML Lego” to deliver a fake login page.

The phishing campaign is aimed at Microsoft 365 users and designed to mimic a Microsoft login interface. Trustwave says the emails contain nothing in the email body but have an attachment that appears to be an Excel file offering information about an investment. This attachment is actually an HTML document with two sections of URL encoded text.  Fraudsters pieced together different pieces of HTML hidden in JavaScript files to generate the fake login page.

Researchers say the first block of URL encoded text is the first part of the HTML code, where the beginning HTML tag is located. The second block of URL encoded text contains an HTML JavaScript code that validates victims’ email and password input.

“This phishing campaign design was a little more tricky than usual,” researchers say in a summary of the findings. “By improvising an HTML email attachment that incorporates remote JavaScript code located on a free JavaScript hosting site, and ensuring the code is encoded uniquely, the attackers seek to fly under the radar to avoid detection.”

A detailed analysis of the campaign can be found here.

Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Recommended Reading:

More Insights

This post was originally published on this site

AddMgr
Our passion at Cyber Security Resource is to work with IT Security Officers, Risk Managers, IT Managers, and Business Professionals to meet their Compliance and IT Security requirements. We offer IT security risk assessments, network and application penetration testing, and security certification readiness for Hitrust or SOCII.
Previous post Cybersecurity News Feb 4th, 2021 Next post 600K Payment Card Records Leaked After Swarmshop Breach

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Get Our Newsletter

  • Virtual CISO Advisory Services
  • Cyber Security Risk Assessment
  • Vulnerability Assessment
  • Penetration Test
  • Cyber Security Awareness Training

Latest News

  • HITRUST Certification vs HIPAA: What you Need to Know
  • Why Do Businesses Need an Incident Response Plan?
  • Vulnerability Assessment vs. Penetration Testing: What’s the Difference?
  • Healthcare Cyber Security Trends: What You Need to Know Now and Going Forward
  • How To Perform a Cyber Security Risk Analysis For Any Organization.
HomeAccountPrivacy PolicyReturn & Refund PolicyTerms and ConditionsAbout UsContact Us

Return & Refund Policy - Terms and Conditions