Cybercriminals have been using blank images and documents in emails to bypass security filters and redirect you to malicious websites.
Most email providers have security filters that check emails for malicious links or attachments. You may feel like you can rely on these filters and, as a result, trust that emails sent to your inbox are safe. Unfortunately, cybercriminals can take advantage of this trust by using blank image phishing to bypass security filters.
The scam starts with a fake email that appears to be from DocuSign. The email asks you to review and sign a document as soon as possible and contains an HTML attachment. Instead of an important document, the attachment is a blank SVG with malicious code. Because this code is hidden inside the attachment, the email can bypass security filters. If you download the attachment, the code will redirect you to a malicious website that will prompt you to enter sensitive information. If you enter this information, cybercriminals can use it for their own purposes.
Follow the tips below to stay safe from similar scams:
- Always think before you download an attachment. This type of cyberattack is designed to trick you into downloading attachments impulsively.
- Never click a link or download an attachment in an email that you aren’t expecting. While this attack targets DocuSign users, this scam could be used with any organization that manages electronic agreements.
- Enable multi-factor authentication (MFA) on your accounts when it is available. MFA adds an extra layer of security and lowers the chance of cybercriminals logging in to your account.
Stop, Look, and Think. Don’t be fooled.
KnowBe4 is the world’s most popular integrated platform for awareness training combined with simulated phishing attacks. Let Keller Schroeder show you how KnowBe4 has helped thousands of organizations just like yours manage the continuing problem of social engineering. Contact us today to learn more.
DISCLAIMER : Any non-technical views expressed are not necessarily those of Keller Schroeder or its employee-owners.