We all look out for those malicious .pdf, Word and Excel attachments, when we are looking through our email. Research has now shown that the attached html file can be a huge threat.
HTML attachments found to be the most malicious type of file | TechRepublic
It is a difficult attack to detect as html files in themselves are not malicious, which is why they are becoming a popular tool of the the threat actor. The malware is not in the file but using multiple redirects they can access a variety of malicious code on the web.
I have added html files to my Social Engineering and Phishing Training programme.