Most email providers have security filters that check emails for malicious links or attachments. You may feel like you can rely on these filters and, as a result, trust that emails sent to your inbox are safe. Unfortunately, cybercriminals can take advantage of this trust by using blank image phishing to bypass security filters.
The scam starts with a fake email that appears to be from DocuSign. The email asks you to review and sign a document as soon as possible and contains an HTML attachment. Instead of an important document, the attachment is a blank SVG with malicious code. Because this code is hidden inside the attachment, the email can bypass security filters. If you download the attachment, the code will redirect you to a malicious website that will prompt you to enter sensitive information. If you enter this information, cybercriminals can use it for their own purposes.
Follow the tips below to stay safe from similar scams:
Stop, Look, and Think. Don’t be fooled.
KnowBe4 is the world’s most popular integrated platform for awareness training combined with simulated phishing attacks. Let Keller Schroeder show you how KnowBe4 has helped thousands of organizations just like yours manage the continuing problem of social engineering. Contact us today to learn more.
DISCLAIMER : Any non-technical views expressed are not necessarily those of Keller Schroeder or its employee-owners.