Sunday 8 November 2009

Why is reading email in plain text better?


HTML email has become popular for many reasons: coloured fonts, embedded images and so on. No doubt HTML makes email attractive and easier to read, but from a security standpoint plain text is better and safer.

Why is HTML-rendered email dangerous?

  1. HTML-rendered email can include invisible images. When the client renders the message it fetches the image, which means it makes a request to a server of the sender's choosing, for example:

    <img src="http://www.hackerdomain.com/getemailcoockie.asp">

    That request is handled by a server-side script on the sender's host. It cannot read the cookies your webmail provider set (a browser only sends cookies to the site that set them), but it still tells the sender a lot: the request carries your IP address, your mail client or browser type and the time it was made, and a per-recipient token in the URL ties the hit to your address. That is enough to learn whether the message was read, when it was read, and whether it was forwarded and opened by someone else. Spammers use this technique to confirm that an address is live and that the recipient opens their mail, which makes the address more valuable to them. Plain text does not support images, so the request is never made. Blocking remote images in the client, which most clients can do, gives the same protection while keeping HTML.

  2. HTML-rendered email can reference external content that the client fetches on its own, and in clients that allow scripting or other active content in mail it can cause attachments or downloads to be opened without the user asking. Plain text contains nothing the client executes, so nothing is opened automatically.

  3. HTML-rendered email allows dishonest marketers and criminals to obfuscate links: the visible text of a link can say one thing while its target points somewhere else entirely. This is the standard technique in phishing scams, which use scare tactics ("your account will be suspended") to get the user to click a link that supposedly leads to their bank or a well-known eCommerce site. Instead, the link takes the user to a website controlled by the scammer. It may look and feel like the site the user expected, but it is not, and behind the scenes the login details and financial information they type in are quietly recorded for the criminal's later use.
    In plain text email there is no hidden target: the address displayed is the address your client opens. A scammer can still type a lookalike address into a plain text message, but at least what you see is what you get.
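The two tricks above (a hidden tracking image and a link whose visible text disagrees with its target) are easy to detect mechanically once the HTML is parsed. The following Python is an added example written for this page, not code from the original post; the sample message is constructed for illustration and the only URL taken from the post is the hackerdomain.com image address, with a made-up `id=` token added to show per-recipient tracking. The registrable-domain helper is deliberately naive (last two labels); real code should use the Public Suffix List.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample HTML message body (not a real message): a hidden
# tracking image carrying a per-recipient token, a genuine link, and a
# link whose visible text claims to be the bank while its href goes to
# an attacker-controlled host that merely starts with the bank's name.
SAMPLE_HTML = """
<html><body>
<p>Dear customer, please verify your account.</p>
<a href="http://login.example-bank.com.attacker.test/verify">https://www.example-bank.com/login</a>
<p>Thanks, <a href="https://www.example-bank.com/help">Support</a></p>
<img src="http://www.hackerdomain.com/getemailcoockie.asp?id=abc123" width="1" height="1" style="display:none">
<img src="https://cdn.example-bank.com/logo.png" width="120" height="40" alt="logo">
</body></html>
"""


class EmailAuditor(HTMLParser):
    """Collect remote images and anchors (href plus visible text) from an HTML mail body."""

    def __init__(self):
        super().__init__()
        self.images = []      # list of (src, attribute dict)
        self.anchors = []     # list of (href, visible text)
        self._open_href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "img" and a.get("src"):
            self.images.append((a["src"], a))
        elif tag == "a" and a.get("href"):
            self._open_href = a["href"]
            self._text = []

    def handle_data(self, data):
        if self._open_href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._open_href is not None:
            self.anchors.append((self._open_href, "".join(self._text).strip()))
            self._open_href = None
            self._text = []


def _hidden(attrs):
    """True for images the reader is not meant to see: 0/1 pixel or styled away."""
    style = attrs.get("style", "").replace(" ", "").lower()
    tiny = attrs.get("width") in ("0", "1") or attrs.get("height") in ("0", "1")
    return tiny or "display:none" in style or "visibility:hidden" in style


def _host(url):
    return urlparse(url).hostname or ""


def _registrable(host):
    # Naive: last two labels only. Use the Public Suffix List in real code.
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def audit_html_mail(html):
    """Return remote images, likely tracking pixels and mismatched links."""
    p = EmailAuditor()
    p.feed(html)
    p.close()
    remote = [src for src, _ in p.images if _host(src)]
    tracking = [src for src, a in p.images if _host(src) and _hidden(a)]
    mismatched = []
    for href, text in p.anchors:
        # Only anchors whose visible text looks like a URL can lie about their target.
        if text.lower().startswith(("http://", "https://", "www.")):
            shown = text if "://" in text else "http://" + text
            if _registrable(_host(shown)) != _registrable(_host(href)):
                mismatched.append((text, href))
    return {"remote_images": remote,
            "tracking_pixels": tracking,
            "mismatched_links": mismatched}


if __name__ == "__main__":
    for key, value in audit_html_mail(SAMPLE_HTML).items():
        print(key, value)
```

Run it on a saved `.eml` body and the `tracking_pixels` list is what your client would have silently fetched, and `mismatched_links` is what a plain-text view would have shown you outright: in plain text the anchor text disappears and only the real target URL is visible.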