Malicious Links and Attachments

08/16/2023



DANGEROUS LINKS


Users are often advised not to click on links in emails. Links are one of the hidden dangers usually found in malicious emails. Let’s look at how links are represented in emails and how you can determine if they are safe.


When viewing an email, you can view it in either HTML or plain text format. Here's the difference between the two:

1.    HTML Format: HTML (Hypertext Markup Language) is the standard language for creating web pages and richly formatted content. When an email is displayed in HTML, it allows for a visually appealing and interactive experience. Here are some characteristics of HTML-formatted emails:

•    Formatting: HTML emails can include various formatting options such as font styles, colors, sizes, headings, bulleted or numbered lists, and indentation. They can also include images, hyperlinks, tables, and other elements to enhance the visual presentation.

•    Layout: HTML emails can have a structured format with multiple columns, sidebars, and sections. This allows for a more organized and visually appealing presentation of the email content.

•    Multimedia: HTML emails can embed multimedia elements like images, videos, and audio. This enables the inclusion of dynamic content that can engage the reader and provide additional information or context.

•    Interactivity: HTML emails can include interactive elements like clickable buttons, forms, and dropdown menus. These features enable users to act directly within the email, such as submitting a form or navigating to a specific webpage.

•    Design customization: HTML emails offer greater design flexibility, allowing organizations to create branded templates, consistent layouts, and visually appealing email campaigns.


2.    Plain Text Format: Plain text emails, as the name suggests, contain only simple, unformatted text. They do not support any styling or graphical elements. Here are some characteristics of plain text emails:

•    Simplicity: Plain text emails are plain and simple, consisting of text only. They do not contain any formatting, images, or other visual elements. This simplicity can be advantageous in scenarios where minimalism or compatibility is prioritized.

•    Accessibility: Any email client or device can read plain text emails, as they do not rely on specific rendering capabilities. They are universally accessible and typically load faster compared to HTML emails.

•    Compatibility: Some email clients or devices may not support HTML rendering or may have security restrictions that prevent HTML content from being displayed. In such cases, the email is displayed as plain text by default, ensuring the recipient can still read the message.

•    Reduced risk: HTML emails can sometimes carry security risks such as phishing attempts or hidden malicious code. Plain text emails are generally considered safer since they cannot execute scripts or contain embedded content that may pose a risk.


Here are a few examples to illustrate how links can be created in HTML:

A basic text link:


<a href="https://www.example.com">Visit Example Website</a>



This HTML statement creates a link that displays "Visit Example Website" and directs the user to https://www.example.com when clicked. Note that the text that is displayed may be misleading. The URL visited when you click the link text could be a malicious webpage. You can reveal the target of a link by “hovering” the mouse cursor over the displayed text. In Figure 1 below, the mouse cursor is hovered over the link text “unsubscribe” to show the target URL. In a malicious spam email, this link text could point to a webpage where malware is automatically downloaded. To be safe, it is wise to check out any link before clicking on it.

Never trust link text. Hover over it first to display the target URL of the link before you click on it. 

If the target URL looks different than you would expect (such as an unfamiliar domain), then you can check to see if it has been reported as unsafe by copying the link and pasting it into a link checker such as https://www.virustotal.com/gui/home/url.













 

FIGURE 1. DISPLAY TARGET URL BY HOVERING MOUSE CURSOR OVER LINK.


This link looks legitimate because the target URL is the expected domain.


Linking an image:


<a href="https://www.example.com">
 <img src="image.jpg" alt="Example Image">
</a>


This HTML statement creates a link where the image "image.jpg" is displayed, and clicking on the image directs the user to https://www.example.com.

Be careful about clicking on any images in an HTML document.


Any image in an HTML document can have a link attached to it. When the mouse cursor passes over a linked image, it often changes shape from an arrow to a small hand. Hovering over an image will display the target URL of a link. An example of such an image in an email is shown in Figure 2:


 












FIGURE 2. HOVERING OVER AN IMAGE TO DISPLAY TARGET URL.
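
The hover check described above for text links and for linked images can also be run over a whole HTML message body at once. The following Python code is an added example, not part of the original page: it lists every link's real target next to what the reader sees and flags text that names a different domain. The names LinkCollector, bare and audit, the finding labels and the sample body are assumptions made for this illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Link text that itself looks like a URL or a bare domain name.
DOMAIN_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

class LinkCollector(HTMLParser):
    """Record the target, visible text and image flag of every <a href>."""
    def __init__(self):
        super().__init__()
        self.links, self._open = [], None
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._open = {"href": attrs["href"], "text": "", "image": False}
        elif tag == "img" and self._open is not None:
            self._open["image"] = True  # the clickable area is a picture
    def handle_data(self, data):
        if self._open is not None:
            self._open["text"] += data
    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.links.append(self._open)
            self._open = None

def bare(host):
    return re.sub(r"^www\.", "", host.lower())  # compare without a leading "www."

def audit(html):
    """Yield (visible text, target host, finding) for each link in an HTML body."""
    collector = LinkCollector()
    collector.feed(html)
    for link in collector.links:
        host = urlsplit(link["href"]).hostname or ""
        shown = DOMAIN_RE.search(link["text"])
        if shown:  # the text claims a destination: compare it with the real one
            finding = "match" if bare(shown.group(1)) == bare(host) else "mismatch"
        else:      # nothing on screen reveals where the click goes
            finding = "image" if link["image"] else "opaque"
        yield link["text"].strip(), host, finding

# Constructed sample body (not from the original page); reserved example domains.
SAMPLE = """
<a href="https://www.example.com">Visit Example Website</a>
<a href="https://login.example.net/reset">www.example.com</a>
<a href="https://www.example.com"><img src="image.jpg" alt="Example Image"></a>
"""
print(*audit(SAMPLE), sep="\n")
```

A "mismatch" row is the case the page warns about: the displayed text names one domain while the click goes to another. "opaque" and "image" rows show no destination at all, so the target host in the second column is what should be checked.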