Most Phishing attacks start with an email imitating your bank or another provider, telling you that they need to verify your account details, and maybe even tricking you into thinking that your account has been compromised. These types of emails generally contain a link which, if clicked, takes you to a phishing web page hosted online somewhere (generally a legitimate web server that has been poisoned).
Another form of phishing email that is out there is known as “Attachment Phishing”. This is where an email is sent, again purporting to be from your bank, however this time, the email contains an HTML attachment, which you are told is a form that needs to be filled out and submitted, so that the bank can validate your account and unlock it.
When you double click the attachment file, it actually hosts the phishing site locally on your PC. When you hit ‘submit’, the HTML form sends the data through a POST request to a PHP (Hypertext Pre-processor) script hosted on a web server, this could either be a legitimate web server that has been hacked into or a web server that has been configured for fraudulent use.
Tech Tip: POST is used when a computer is sending data over the Internet to a Web server
In order to mitigate this type of phishing attack, the PHP file must be removed from the web server. Unfortunately it can be quite difficult to convince hosts to take down the file, because they can’t see what it’s doing if they don’t have a copy of the actual phishing email.
By deleting the segment in the middle, the attack is rendered useless. Unfortunately, we can never stop the phishing file from going out, because people have it in their email inboxes and we have no access to that.
There is light at the end of the tunnel though, once the PHP file has been removed this renders the attack ineffective and it can no longer harm any additional users that the phishing attachment was sent to.
To protect yourself against becoming a victim of an attachment phishing attack, you should avoid opening HTML attachments if the e-mail seems suspicious, and you should not provide any information in forms. Financial institutions will NEVER send these sorts of attachments to customers.