According to researchers at Kaspersky, statistical data is showing that the use of HTML files within phishing emails is still very prominent. The company detected over two million emails with these types of attachments targeting their customers in the first four months of 2022. HTML (HyperText Markup Language) is a language that defines the meaning and structure of web content. HTML files are interactive content documents designed specifically for digital viewing within web browsers. These files are not malicious by themselves, and work well when trying to bypass anti-spam filters and trick users into opening when contained as an attachment within emails. These files are commonly used to redirect victims to malicious websites, download files, or display credential-stealing forms within a browser. HTML attachments are typically base64 encoded, which allows filters to easily scan them for malicious URLs or documents. To bypass detections, threat actors will often include JavaScript within the HTML document to bypass filtering but still be able to run malicious code once the HTML document is opened.