Phishing is often regarded as old hat. From a technical perspective, it's a case of 'been there, done that'.
Sometimes, however, we come across attacks that are just a little bit more interesting than (or at least different from) the norm. In this post I am going to take a quick look at one of the techniques used in some phishing attacks we have seen in recent months.
Most phishing attacks that we see fall into one of two camps:
- Spam email containing a link to the phish site within the email message body. In some cases, the link in the message body may point to an initial web page (normally hosted on a compromised web site), which redirects the user to the phish site. Either way, clicking on the link results in the user ending up at the phish page.
- Spam email containing an HTML attachment which itself is the phish page. Sophos products block these attachments as Mal/Phish-A.