This odd phishing scam targets victims with a blank image

An odd new phishing scam is using blank images to scam users – and you may not even realize it, experts have claimed.

The format, which researchers at email security company Avanan describe as ‘blank image’, consists of threat actors embedding empty .svg files encoded with Base64 inside HTML attachments, which allows them to avoid URL redirect detection.

In this case, esignature platform DocuSign is the targeted host, with scammers sending out a seemingly legitimate DocuSign email containing an HTML attachment that when clicked on, opens up what appears to be a blank image.

Blank image scam

The catch, though, is that Javacript has been found within the image that leads users to a malicious URL in a method rarely seen up until now. For this reason, may security services will typically fail to detect the threat.

DocuSign is trusted by many businesses, so it’s hard to believe that it could now be scamming employees and consumers, however we’ve reported several cases of scamming on the platform.

Avanan said: “This attack builds upon the wave of HTML attachment attacks that we’ve recently observed targeting our customers, whether they be SMBs or enterprises.”

“By layering obfuscation upon obfuscation, most security services are helpless against these attacks.”

For end users, Avanan suggests being wary of emails that contain HTML (.htm) attachments. Companies can protect their workers even further by implementing a block on emails that contain such files, treating them just like any other executable (like .exe files). 

TechRadar Pro has asked DocuSign whether it is taking any steps against the scam, however imitation attacks like this are rarely preventable. 

Go to Source
Author: