In our earlier blog on online fraud, we explained how HTML attachments are used in phishing attacks. We also mentioned how the attached files were named in order to mislead users. For example:
Account reset form.pdf.htmBank-Account confirmation form.pdf.htm
These filenames may confuse the recipients and trick them into submitting sensitive banking information through the HTML file. Recently
we have come across similar messages that use the same technique, this time for harvesting email addresses. These messages mention the falling sales of a major auto company due to the economic recession. It further states that the government plans to bail them out, but the actual funds have yet to reach the auto company. So, they are offering the sale of 1,000 autos discounted to 35 percent of the original price. They add that this sale will definitely help the company bounce back in their business and also increase their customer base. Recipients will have to fill out and submit the attached form to take part in the offer. A company representative will visit the recipient within five business days after receiving the form. Below is an example of the message:
Along with naming the attached filename to appear as if it is a PDF file, the view of the rendered HTML file has also been changed. When a recipient opens the file attachment a PDF-like view of the form will be displayed. Here is an example image of the attached HTML file:
The rendered HTML file is given a PDF-like appearance using images. Users should note that none of the tools (to save, print, and search the PDF file) work since they are nothing but a part of the HTML image. We can also see that there are supposedly 72 pages available, as opposed to the single form provided in the image. User-submitted data is forwarded using the HTTP Post Request method.
These attempts are again temptations offered to extract information from users. Scammers are continuously coming up with new offers using the backdrop of the economic slowdown and are attempting to trick users into submitting information that might be misused in the future. We always recommend verifying an unsolicited offer before submitting any personal information.