Hello, welcome to the Tuesday, June 16th, 2020 edition of the Sandcent Storm Center's Stormcast.

My name is Johannes Ulrich.

And today I'm recording from Jacksonville, Florida.

One of the more tricky ways to do a fishing attack is instead of setting up a website and redirecting the user to the website, you are just delivering

an HTML file as an email attachment, and this HTML file will then implement the actual

phishing page.

So the user opens the attachment, the HTML will then be rendered by the user's default

browser displaying some kind of login form whatever the attacker decided to send you. And then,

of course, the attacker has to somehow get the data that you are submitting. And there are a couple

different ways of doing this.

Now, of course, it could be done just with a little submit in a form that then redirects

to the external site or JavaScript or like in this case, an I-frame that actually includes

part of the code from a remote website.

So this is kind of a little bit of a hybrid approach where some of the HTML is being delivered

as part of the email. The rest is then included via the iFramm. This gives the attacker some flexibility

to, for example, redo that part of the HTML.

At this point, this attack that one of our readers send us in Rick Analyzed doesn't really look all that sophisticated, a little bit clumsy as Rick describes it, but of course the sad part is, sometimes the attacker learns and then these attacks

are getting progressively better.

And you may have noticed that today and that's on Monday we had some issues with cell phone

connections in the US.

Now it appears that T-Mobile was the most affected network, but according to some reports,

other carriers may have been affected as well.

...