Recently, “my bank” sent me an email with a notice about my account. Being a security conscious IT guy, I was 99.999% sure that no bank would ever send an email with a .html attachment. After updating Norton and Malwarebytes, I got clean scans of the attachment from both. Even though all the links in the email were to Wells Fargo, I was certain that the attachment had malicious intent, and uploaded it to Virus Total, and 1 of the 57 online scanners, 56 gave a green check mark, and 1 correctly said Heuristics.Phishing.Email.SpoofedDomain.
Had the attachment been a virus or trojan, the detection rate may have been much higher. Regardless, be careful. Don’t think that your security software will protect you from willy-nilly clicking on attachments, because it may not. I have had other instances of attached trojans getting clean scans. Only after I uploaded them to my security software vendor did they analyze and update their software to detect and remove them. It’s dangerous out there.