Mimecast Identifies Brand New Phishing Tactic Called "SHTML"


In early April, the Mimecast Threat Center team discovered a rare type of server-parsed HTML (SHTML) based phishing attack emerging from the UK.

When users opened attachments in these phishing campaign emails, they were immediately redirected to a malicious site requesting sensitive information. The image above shows an example of the targeted attack email that organizations received.

Their Threat Center utilized this critical threat intelligence to create an advanced custom rule that directly identifies the SHTML construction, and in a two-month period since deployment, Mimecast detected more than 100,000 individual users being attacked with this new type of phishing.

Email Is Still The Number One Attack Vector. Here is the Mimecast Takeaway:

"Phishing is an increasingly common and widespread problem that isn’t going away anytime soon. Remain vigilant by avoiding links and attachments – like the malicious SHTML document employed in the above phishing attack – in email messages unless you’re certain they’re legitimate. If in doubt, follow the most basic and effective solutions at your disposal – ignore, delete and report."

KnowBe4 strongly recommends the free Phish Alert Button to do that reporting to your Incident Response Team.

Free Phish Alert Button

When new spear phishing campaigns hit your organization, it is vital that IT staff be alerted immediately. One of the easiest ways to convert your employees from potential targets and victims into allies and partners in the fight against cybercrime is to roll out KnowBe4's free Phish Alert Button to your employees' desktops. Once installed, the Phish Alert Button allows your users on the front lines to sound the alarm when suspicious and potentially dangerous phishing emails slip past the other layers of protection your organization relies on to keep the bad guys out.

Get Your Phish Alert Button

Don't like to click on redirected links? Cut & Paste this link in your browser:


Topics: Phishing

Subscribe To Our Blog

Ransomware Hostage Rescue Manual

Get the latest about social engineering

Subscribe to CyberheistNews