New type of phishing attack targets UK finance sector


A new kind of phishing attack uses server-parsed HTML as its base. The attack arrives as an email attachment; users who open it are instantly diverted to a malicious site, which then asks them for sensitive and personal information.

This particular type of phishing uses SHTML file attachments containing JavaScript code that allows the unsafe URL to be disguised and hidden from the user.

At the beginning of April, the Mimecast Threat Center team were alerted to the issue. Tomasz Kojm, senior engineering manager at Mimecast, commented that, “This seemingly innocent attachment redirecting unsuspecting users to a malicious site might not be a particularly sophisticated technique, but it does present businesses with a big lesson. Simple still works. That’s a huge challenge for organisations trying their best to keep their systems secure.”

This rare type of phishing mainly targeted the UK (55 percent), Australia (31 percent) and South Africa (11 percent), primarily in the finance, accounting and higher education sectors. The Mimecast team used critical threat intelligence to write code that pinpoints every email containing this specific SHTML. With it, Mimecast’s gateway is able to identify and intercept any email that uses this specific phishing attack. In the two months since the defence went up, over a hundred thousand users have been protected from this phishing attack, saving them from possible financial losses.
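A minimal sketch of the kind of gateway check described above, added here as an illustration and not Mimecast's detection code. The indicator patterns, function names and sample messages are assumptions constructed for this example.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Heuristic indicators (assumptions for this example, not Mimecast's rule).
SCRIPT_RE = re.compile(r"<script\b", re.I)
REDIRECT_RE = re.compile(
    r"(window|document|top|self)\.location|location\.(href|replace|assign)"
    r"|http-equiv\s*=\s*\W?refresh", re.I)
ENCODING_RE = re.compile(r"\b(unescape|atob|fromCharCode|eval)\s*\(", re.I)

def scan_message(raw: bytes) -> list[dict]:
    """Return one finding per .shtml/.shtm attachment, with indicator flags."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if not name.endswith((".shtml", ".shtm")):
            continue  # multipart containers and other attachments are skipped
        body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        findings.append({
            "filename": name,
            "script": bool(SCRIPT_RE.search(body)),
            "redirect": bool(REDIRECT_RE.search(body)),
            "encoded": bool(ENCODING_RE.search(body)),
        })
    return findings

def should_quarantine(raw: bytes) -> bool:
    """Hold the message if an SHTML attachment carries redirecting script."""
    return any(f["script"] and (f["redirect"] or f["encoded"])
               for f in scan_message(raw))

def build_sample(filename: str, html: str) -> bytes:
    """Constructed test message; addresses and URL are placeholders."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", "Invoice"
    m.set_content("See attached.")
    m.add_attachment(html.encode(), maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

# Constructed samples: one redirecting SHTML attachment, one harmless one.
SUSPICIOUS = build_sample("invoice.shtml",
    '<html><script>window.location.href="https://login.example.invalid/";</script></html>')
BENIGN = build_sample("notes.shtml", "<html><body><p>Meeting notes</p></body></html>")
```

A production rule would also look inside archives and check for a mismatch between the declared content type and the file extension; those checks are left out here.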

A report from Mimecast about the attack stated that, “Phishing is an increasingly common and widespread problem that isn’t going away anytime soon.” To avoid these attacks and protect your finances, it is best not to open attachments in emails unless you have been told about them beforehand or are sure they are legitimate. Kojm suggested that, “If in doubt, follow the basic rule to ignore, delete and report.” For big companies, he also recommended training “every employee so they can spot a malicious email the second it arrives in their inbox.”


Written by ben shekelberg
