During the last 4 months, SophosLabs has seen an explosion in the resurgence of HTML attachment spam. As shown in the following figure, it accounts for 8% of all the spam in the June and September, and about 2-3% in July, August and October.
On the other hand, in an attempt to evade detection, phishing scammers continued to tweak and change the manner of their phishing scam distribution. A large volume phishing scam campaigns against financial organizations like Paypal, and Banche di Credito Cooperativo, were sent out in the last few months. Instead of setting up a bogus financial website, scammers insert the phishing contents directly into the HTML attachment (as shown below):
Although the HTML attachment spam campaigns has been spiking during the last 4 months, from the view of SophosLabs; the campaigns have been inconsistent in their distribution. SophosLabs has no reason to believe that this pattern is likely to change in the next few months.