One of my co-workers received an e-mail with an attachment titled “INVOICE_26.HTML” and asked if there was anyway to scan it before clicking on it.
Since it’s an .html file virus scanners would claim it was not infected since the file isn’t infected with a virus or trojan. This is just a phishing attempt which starts when a user opens the fake internet page.
So I viewed the source code of the file in notepad ++ and this is what I found.
<!DOCTYPE html>
<html>
<head>
<meta name="viewport" content="width=device-width, initial-scale=1">
<style>
.container {
position: relative;
width: 100%;
max-width: 400px;
}
.container img {
width: 100%;
height: auto;
}
.container .btn {
position: absolute;
top: 50%;
left: 50%;
transform: translate(-50%, -50%);
-ms-transform: translate(-50%, -50%);
background-color: #228B22;
color: white;
font-size: 16px;
padding: 12px 24px;
border: none;
cursor: pointer;
border-radius: 5px;
text-align: center;
}
.container .btn:hover {
background-color: black;
}
</style>
</head>
<body>
<h2><font face="arial"><u>D<span style="font-size: 0px">jgfhgfhgfchgfxhfesyrdzxdgszgczgcxzgfdzhfdxhgfxjgfxjgfcjhcgfjgckjhufkugk</span>ocu<span style="font-size: 0px">jgfhgfhgfchgfxhfesyrdzxdgszgczgcxzgfdzhfdxhgfxjgfxjgfcjhcgfjgckjhufkugk</span>ment is sec<span style="font-size: 0px">jgfhgfhgfchgfxhfesyrdzxdgszgczgcxzgfdzhfdxhgfxjgfxjgfcjhcgfjgckjhufkugk</span>ured</u></font></h2><br>
<p><b><font face="sans serif">Cl<span style="font-size: 0px">jgfhgfhgfchgfxhfesyrdzxdgszgczgcxzgfdzhfdxhgfxjgfxjgfcjhcgfjgckjhufkugk</span>ic<span style="font-size: 0px">jgfhgfhgfchgfxhfesyrdzxdgszgczgcxzgfdzhfdxhgfxjgfxjgfcjhcgfjgckjhufkugk</span>k be<span style="font-size: 0px">jgfhgfhgfchgfxhfesyrdzxdgszgczgcxzgfdzhfdxhgfxjgfxjgfcjhcgfjgckjhufkugk</span>low to v<span style="font-size: 0px">jgfhgfhgfchgfxhfesyrdzxdgszgczgcxzgfdzhfdxhgfxjgfxjgfcjhcgfjgckjhufkugk</span>iew com<span style="font-size: 0px">jgfhgfhgfchgfxhfesyrdzxdgszgczgcxzgfdzhfdxhgfxjgfxjgfcjhcgfjgckjhufkugk</span>ple<span style="font-size: 0px">jgfhgfhgfchgfxhfesyrdzxdgszgczgcxzgfdzhfdxhgfxjgfxjgfcjhcgfjgckjhufkugk</span>te fi<span style="font-size: 0px">jgfhgfhgfchgfxhfesyrdzxdgszgczgcxzgfdzhfdxhgfxjgfxjgfcjhcgfjgckjhufkugk</span>le</font></b></p>
<div class="container">
<img src="https://i.ibb.co/qghx6vy/b.jpg" alt="invoice" style="width:100%;height:100%">
<button class="btn" onclick="window.location.href='https://ingenioxicotencatl.com/adk/wamp.php?warp=020202'" >Vie<span style="font-size: 0px">jgfhgfhgfchgfxhfesyrdzxdgszgczgcxzgfdzhfdxhgfxjgfxjgfcjhcgfjgckjhufkugk</span>w Fi<span style="font-size: 0px">jgfhgfhgfchgfxhfesyrdzxdgszgczgcxzgfdzhfdxhgfxjgfxjgfcjhcgfjgckjhufkugk</span>le</button>
</div>
</body>
</html>If you actually look through the code you will quickly learn that all that gibberish and random letters will not show up on the page due to it being between the tags shown below.
<span style="font-size: 0px"> </span>Instead anybody viewing the page would simply see the following words.
Document is secured Click below to view complete file View File
The words “View File” are actually a button which goes to the url shown in the code above.
Aka this is just a lame phishing attempt that somebody is trying to confuse the average person with however I’m no average person and simply do not fall for tricks like this.
Check out the links below for more information regarding phishing.
- Why we fall for phishing e-mails
- 6 sure signs somebody is phishing you
- What to do after a phishing attack.
- What are the latest phishing scams in 2020
Leave me a comment below if you enjoyed this article!
lol, well as a tech engineer for over 20 years, I can tell you phishers get more sophisticated, but lol they can’t fool me into clicking anything … besides you know we can easily spot bs …