| Back in the days when Windows 98 was the
| |
| | text message is lower in comparison to
|
| latest Microsoft operating system, HTML
| |
| | seeing an exact replica of their bank's
|
| email messages accounted for a large
| |
| | website requesting their personal
|
| number of infected Windows-based systems.
| |
| | details.
|
| Surprisingly, things have not changed
| |
| | As compared to these attempts some of our
|
| much nowadays either. Accepting and
| |
| | peers make with the purpose to scam
|
| displaying HTML email messages still pose
| |
| | people for their personal information,
|
| a great deal of threats for email users,
| |
| | viruses and worms do not use the same
|
| regardless of what operating system they
| |
| | techniques. Their goal may be infecting
|
| are using, or if the latter is actually
| |
| | the operating system, but the infection
|
| immune to an attack based on
| |
| | mechanism may be hidden behind a special
|
| vulnerabilities of other systems.
| |
| | offer for a free product, that may
|
| To illustrate, here are some of the
| |
| | actually cost the user a lot more than if
|
| possible threats posed by the use of HMTL
| |
| | they had bought a similar product for
|
| messages; including, but not limited to
| |
| | real money.
|
| virus or other malware infections, which
| |
| | Another commonly encountered threat
|
| still account for a high degree of risk.
| |
| | consists in the simple viewing of a HTML
|
| Based on HTML email, a malicious person
| |
| | message that can further trigger the
|
| is able to perform different scams and
| |
| | delivery of more spam to the user's
|
| phishing attacks. These types of attacks
| |
| | mailbox.
|
| consist in fooling the targeted email
| |
| | How is that possible? You may ask. For
|
| address user into giving out personal
| |
| | instance, the spammer sends HTML messages
|
| information such as: name, address, email
| |
| | that contain a different image filename
|
| address, personal bank account
| |
| | link in each of the sent out messages. He
|
| information. Such attacks involve
| |
| | also has an association between each
|
| impersonating a legitimate website to
| |
| | image filename link and the email address
|
| which the user may have previously
| |
| | that the message is sent to. When the
|
| registered and created an account.
| |
| | message is displayed on the user's
|
| Some scammers may go as far as
| |
| | computer, if HTML viewing is enabled, the
|
| impersonating banks or other financial
| |
| | respective image file will be
|
| institutions such as PayPal, in order to
| |
| | automatically requested from the
|
| obtain credit card information or other
| |
| | spammer's server.
|
| personal details that can later be used
| |
| | At this point, the spammer knows that the
|
| to purchase goods, or even to empty a
| |
| | message has been viewed on a computer
|
| bank account. Many bank account frauds
| |
| | and, based on the requested filename and
|
| are made this way. As a countermeasure,
| |
| | using the association created, he now
|
| if HTML emails are filtered at server
| |
| | knows that the respective e-email address
|
| level in a way that causes only text to
| |
| | is in use. As a result, the spammer has
|
| be displayed such fraud attempts can be
| |
| | found an active email user that he can
|
| blocked and prevented.
| |
| | convince to buy some of the products he
|
| Email clients have different approaches
| |
| | advertises for. Another source of income
|
| to HTML email. Mozilla Thunderbird, for
| |
| | for the spammer is selling a database of
|
| example, does not display HTML content by
| |
| | verified addresses, which is even more
|
| default, as opposed to Outlook Express
| |
| | valuable than a database that contains 3
|
| which displays HTML content by default.
| |
| | quarters of bouncing addresses.
|
| This does not mean that scams cannot be
| |
| | This concludes some of the most important
|
| performed using simple text as well, but
| |
| | scenarios and consequences of using HTML
|
| the probability for someone to believe a
| |
| | in an email application.
|
