.html attachment phishing

Threat Level: Low
Threat Type: Phishing
Advisory Date: 07/13/2023

Description

The University has been receiving emails from seemingly random Outlook or Hotmail email addresses with a malicious *.html attachment.

The emails will either have your name as the subject line or a blank subject line.  The emails will contain only your name in text, usually pulled from your email address.  They will have a .html attachment with the same name.

When opened with a web browser, the attachments link to a URL shortening service such as bit.ly, which then forwards to a malicious site that mines cryptocurrency and sends the user to a common, benign site such as Yahoo.com.

Example Email:

From: John Smith <example1997343@outlook.com>
To: Tom.Albert@uregina.ca
Contents:

Tom Albert
Attachment: Tom Albert.html
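
For mail administrators, the pattern described above can be checked mechanically. The following is an added example, not part of the original advisory or any University tooling: it parses a raw message and reports which of the advisory's traits it shows. The function names are hypothetical, the recipient's name is assumed to come from the local part of the To address, and the sample message is constructed from the example email above.

```python
import email
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

FREEMAIL = {"outlook.com", "hotmail.com"}  # sender domains named in the advisory

def _norm(text):
    """Lower-case and collapse separators so 'Tom.Albert' equals 'Tom Albert'."""
    return re.sub(r"[^a-z0-9]+", " ", str(text or "").lower()).strip()

def advisory_traits(raw_bytes):
    """Return which traits from the advisory a raw RFC 5322 message shows."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    sender_domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    # Assumption: the "name" is derived from the local part of the To address.
    name = _norm(parseaddr(str(msg.get("To", "")))[1].partition("@")[0])
    hits = []
    if sender_domain in FREEMAIL:
        hits.append("freemail_sender")
    if _norm(msg.get("Subject")) in ("", name):
        hits.append("subject_blank_or_name")
    body = msg.get_body(preferencelist=("plain",))
    if name and body is not None and _norm(body.get_content()) == name:
        hits.append("body_is_name_only")
    for part in msg.iter_attachments():
        stem, _, ext = (part.get_filename() or "").rpartition(".")
        if name and ext.lower() in ("html", "htm") and _norm(stem) == name:
            hits.append("html_attachment_named_after_recipient")
            break
    return hits

def build_sample():
    """Constructed sample mirroring the advisory's example email (not real mail)."""
    m = EmailMessage()
    m["From"] = "John Smith <example1997343@outlook.com>"
    m["To"] = "Tom.Albert@uregina.ca"
    m["Subject"] = "Tom Albert"
    m.set_content("Tom Albert\n")
    m.add_attachment("<html></html>", subtype="html", filename="Tom Albert.html")
    return m.as_bytes()

if __name__ == "__main__":
    print(advisory_traits(build_sample()))
```

Any single trait is common in legitimate mail, so only a message showing all four should be treated as a match for this advisory.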

Impact

This style of phishing attack and attachment can be tempting to open because the email and file often contain the victim's name.

We have identified attachments which attempt to mine cryptocurrencies on the victim's system. In future, the attachments could be used for other malicious purposes.

Resolution

Simply ignore and delete the email.

If you are uncertain about the legitimacy of an email message, forward the email message as an attachment to the IT Support Centre for verification.

If you have opened an attachment, please contact the IT Support Centre.

Resources

Please contact the IT Support Centre if you have any questions or require assistance:
Email IT.Support@uregina.ca
Phone 306-585-4685
Webform https://www.uregina.ca/is/forms/ticket.html
In Person at ED 137 or Archer Library Commons

Additional Resources:

Information on URL Shortening Services