HTML email: Difference between revisions

AnomieBOT (talk | contribs)
m Dating maintenance tags: {{Cn}}
Line 94:
If an email contains inline content from an external server, such as a [[Digital image|picture]],
retrieving it requires a request to that external server which identifies where the picture will be displayed and other information about the recipient. [[web bug|Web bug]]s are specially created images (usually unique for each individual email) intended to track that email and let the creator know that the email has been opened. Among other things, that reveals that an email address is real, and can be targeted in the future.
 
Some phishing attacks rely on particular features of HTML:<ref name=Trend>{{cite web|title=Trend-spotting email techniques: How modern phishing emails hide in plain sight |date=August 18, 2021 |url=https://www.microsoft.com/en-us/security/blog/2021/08/18/trend-spotting-email-techniques-how-modern-phishing-emails-hide-in-plain-sight/ |publisher=Microsoft.com}}</ref>
* Brand impersonation with procedurally-generated graphics (such graphics can look like a trademarked image but evade security scanning because there is no file)
* Text containing invisible [[Unicode]] characters or with a zero-height font to confuse security scanning
* Victim-specific URI, where a malicious link encodes special information which allows a counterfeit site to be personalized (appearing as the victim's account) so as to be more convincing.
 
Displaying HTML content frequently involves the client program calling on special routines to parse and render the HTML-coded text; deliberately mis-coded content can then exploit mistakes in those routines to create security violations.{{cn|date=June 2024}} Requests for special fonts, etc, can also impact system resources.{{cn|date=June 2024}}
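Review bot: the last sentence of the final paragraph, "Requests for special fonts, etc, can also impact system resources", is too vague to source as written, so the dated {{cn}} tag on it is likely to just age. Reword it to name the concrete effect that a reference describes, or drop it, and fix the punctuation to "etc.,". The preceding sentence about mis-coded content exploiting the parsing and rendering routines carries the same dated tag and still needs a reference. The opening paragraph on web bugs makes factual claims with neither a reference nor a {{cn}} tag, unlike the phishing list, which cites the Microsoft post, so it should get one or the other for consistency.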