"Fraudsters Use HTML Lego to Evade Detection in Phishing Attack"

Researchers with Trustwave SpiderLabs have released a detailed analysis of a new phishing campaign aimed at Microsoft 365 users. The fraudsters behind the campaign employ "HTML Lego" to deliver a fake Microsoft login page. According to Trustwave, the phishing emails do not have an email body, but they do contain a malicious attachment that appears to be an Excel file with information about an investment. This attachment is really an HTML document with two sections of URL encoded text. The threat actors put different pieces of HTML together and hid them in JavaScript files to generate a fake login page. This article continues to discuss the use of HTML Lego in a new phishing campaign to avoid detection. 

Dark Reading reports "Fraudsters Use HTML Lego to Evade Detection in Phishing Attack"