Plan
active
HTML phishing attachments use comment stuffing to evade AI detection
- Engineer — Learn: Comment stuffing in HTML attachments is a novel obfuscation technique worth understanding when tuning email security tooling or evaluating AI-based scanning products; no patch or config change required.
- SOC/IR — Plan: Build or tune email-gateway detections to flag HTML attachments with abnormally high comment-to-content ratios, as this technique is designed specifically to bypass AI-based filters your stack may rely on.
- Leader — Skip
This entry was curated and judged by AI (Claude) with automated enrichment
(CISA KEV / EPSS / public PoC). Verify against the original source before
acting. Found a bad verdict?
Report it —
confirmed errors go to the corrections log.