New Phishing Technique Bypassing Security Software

A unique phishing campaign is using a new technique in an attempt to steal email account credentials. The phishing email contains simple text referencing an attached payment notification in an HTML file format, says the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC). Rather than redirecting the user to a remote site when opened, JavaScript in the attached file prompts a login form directly within the user’s browser which, in turn, can bypass security software. This generated form includes various email account login options and requests the user to enter their corresponding credentials, notes the NJCCIC.