Weekly Tip! Blank Image Phishing Scams
Most email providers have security filters that check emails for malicious links or attachments. You may feel like you can rely on these filters and, as a result, trust that emails sent to your inbox are safe. Unfortunately, cybercriminals can take advantage of this trust by using blank image phishing to bypass security filters.
The scam starts with a fake email that appears to be from DocuSign. The email asks you to review and sign a document as soon as possible and contains an HTML attachment. Instead of an important document, the attachment is a blank SVG with malicious code. Because this code is hidden inside the attachment, the email can bypass security filters. If you download the attachment, the code will redirect you to a malicious website that will prompt you to enter sensitive information. If you enter this information, cybercriminals can use it for their own purposes.
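A check a mail gateway or analyst could run on the kind of attachment described above, added here as an example and not part of the original tip: it decodes SVG images embedded in an HTML attachment and flags script-capable content inside them. It assumes the SVG is carried as a `data:` URI; `scan_attachment`, `make_sample` and `SAMPLE` are hypothetical names, and the sample attachment is constructed.

```python
import base64
import re
from html.parser import HTMLParser
from urllib.parse import unquote_to_bytes

DATA_SVG = re.compile(r"data:image/svg\+xml([^,]*),(.*)", re.I | re.S)

class SvgScriptFinder(HTMLParser):
    """Flags active content in SVG; HTMLParser never expands XML entities."""
    def __init__(self):
        super().__init__()
        self.findings = []
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "foreignobject"):
            self.findings.append(f"<{tag}> element")
        for name, _ in attrs:
            if name.startswith("on"):  # onload, onclick, ...
                self.findings.append(f"{name} handler on <{tag}>")

class EmbeddedSvgFinder(HTMLParser):
    """Decodes every SVG carried as a data: URI in the attachment's HTML."""
    def __init__(self):
        super().__init__()
        self.svgs = []
    def handle_starttag(self, tag, attrs):
        for _, value in attrs:
            m = DATA_SVG.match((value or "").strip())
            if not m:
                continue
            params, body = m.groups()
            decode = base64.b64decode if "base64" in params.lower() else unquote_to_bytes
            try:
                self.svgs.append(decode(body).decode("utf-8", "replace"))
            except ValueError:  # malformed base64: nothing to inspect
                continue

def scan_attachment(html_text):  # returns a list of findings, empty if nothing flagged
    outer = EmbeddedSvgFinder()
    outer.feed(html_text)
    findings = []
    for svg in outer.svgs:
        inner = SvgScriptFinder()
        inner.feed(svg)
        findings.extend(inner.findings)
    return findings

def make_sample(svg):  # constructed HTML attachment with `svg` embedded as base64
    b64 = base64.b64encode(svg.encode()).decode()
    return f'<html><body><embed src="data:image/svg+xml;base64,{b64}"></body></html>'

SAMPLE = make_sample('<svg><script>/* constructed placeholder */</script></svg>')
```

An image that is meant to be blank has no reason to contain a script element or an event handler, so any finding from `scan_attachment(SAMPLE)` is grounds to quarantine the message.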
Follow the tips below to stay safe from similar scams:
- Always think before you download an attachment. This type of cyberattack is designed to trick you into downloading attachments impulsively.
- Never click a link or download an attachment in an email that you aren’t expecting. While this attack targets DocuSign users, this scam could be used with any organization that manages electronic agreements.
- Enable multi-factor authentication (MFA) on your accounts when it is available. MFA adds an extra layer of security and lowers the chance of cybercriminals logging in to your account.
The KnowBe4 Security Team
KnowBe4.com