0

I got a call from revenue and asked them for confirmation that the call is actually from them.

They sent me an email (I checked the Gmail original and it's actually from revenue) with securedoc.html.

I need to open this attachment to read the secure message.

But I'm not sure if it's secure to open HTML from your local drive. I read the following discussion:

The browser has a security sandbox. When you visit a site, that sandbox only permits code on that site to access content on the same domain. If you run html from your machine, then the sandbox now includes your filesystem - and thus can be used to access anything the user can.

Can I open the HTML securely? Maybe in incognito mode?

I saw a similar question, but it's about email from unfamiliar sources; in my case I know the source.

Alexan

1 Answer

1

Secure messaging of this nature is indeed a real thing used legitimately. However, criminals know this and may well try to imitate a real secure message to lure their target(s) into opening unsafe attachments.

If you have verified the sender's address, then you are probably safe. But if you would prefer to take a cautious approach you could open the HTML file in a text editor such as Notepad. You can then read the HTML source code and view any scripts/links embedded within it without actually executing anything.

With regard to browser sandboxing, that point is accurate as far as I know. Regardless, there are ways a capable attacker can escape a browser sandbox (although publicly disclosed methods are quickly patched to prevent exploitation).

Unencoded
  • Yes, I opened the file in a textbox and I saw a script there, but it's difficult to understand what it does and it's minimized. – Alexan Jun 14 '20 at 17:22
  • Then you may have better luck understanding it using a JavaScript Deobfuscator and Unpacker, such as https://lelinhtinh.github.io/de4js/. I would be surprised if any of the JavaScript is actually necessary. Most secure message notifications are simple HTML pages with a link to access the secure message. With that said, it is probably simple code to render a slightly better looking/interactive page that cannot be created using only static HTML and CSS, rather than something malicious. – Unencoded Jun 14 '20 at 19:43
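
The static review suggested in the answer (reading the source instead of rendering it) can be partly automated. The following is an added example, not part of the original answer or comments; the sample markup, class and function names are constructed for illustration. It parses the attachment as text and lists the hosts it would contact, the URLs it loads or submits to, its event handlers and its inline scripts, without executing anything.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Attributes that can make the browser load from or submit to a URL.
URL_ATTRS = {"href", "src", "action", "formaction", "data"}

# Constructed sample standing in for an attachment such as securedoc.html.
SAMPLE = """<html><body onload="init()">
<form action="https://portal.example.invalid/open" method="post">
<input type="password" name="pw"></form>
<script src="https://cdn.example.invalid/viewer.js"></script>
<script>function init(){document.forms[0].pw.focus();}</script></body></html>"""

class AttachmentInventory(HTMLParser):
    """Records URLs, event handlers and inline scripts; nothing is executed."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.urls = []            # (tag, attribute, url)
        self.inline_scripts = []  # source text of each <script> body
        self.handlers = []        # (tag, attribute) for on* event handlers
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                self.urls.append((tag, name, value.strip()))
            elif name.startswith("on"):
                self.handlers.append((tag, name))
        if tag == "script":
            self._in_script = True
            self.inline_scripts.append("")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:  # script bodies may arrive in several chunks
            self.inline_scripts[-1] += data

def inventory(html_text):
    parser = AttachmentInventory()
    parser.feed(html_text)
    parser.close()
    hosts = {urlparse(u).hostname for _, _, u in parser.urls}
    return {"hosts": sorted(h for h in hosts if h), "urls": parser.urls, "handlers": parser.handlers,
            "inline_scripts": [s for s in parser.inline_scripts if s.strip()]}

if __name__ == "__main__":
    print(inventory(SAMPLE))
```

Hosts that do not belong to the expected sender, or a form that posts a password to one, are the things to look for in the output before deciding whether to open the file in a browser.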