HTML emails can be a serious security risk.
Simple version of the risk is that using the style-setting CSS feature of HTML email, completely different content can be substituted in various email viewing situations. The differning presentations can be used for phishing and other ill-intended games.
More technical explanation:
https://lutrasecurity.com/en/articles/kobold-letters/
What is Kobold?
Kobold https://en.wikipedia.org/wiki/Kobold
Basically Kobold is “mischief with a mind of its own.”
What does this mean for Hams?
That yet another way for external actors to get inside your systems exists, and one that you might not reasonably have much control over.
The late Steve Uhrig WA2SWS of SWS Security told me decades ago to only exchange plain text emails. WA2SWS consulted to Tom Clancy on security matters and appeared in the movie “Enemy of the State” along with layers of less visible security work on contract, military and national interest basises. Back then he had already realized that emails could be exploited to carry unexpected payloads.
As few of us are really going to revert to plain-text emails, keeping our protective systems and our awareness peaked might be the best response to this ongoing threat.
Other ideas?
73
Steve
K9ZW
With Varying Frequency - Amateur Radio Ponderings 