A strange new phishing scam is using empty images to trick users – and you may not even realize it, experts say.
Researchers at the email security company Avanan describe the format as a “blank image”: cybercriminals embed empty Base64-encoded .svg files inside HTML attachments, which lets them evade URL redirection detection.
In this case the impersonated brand is the DocuSign e-signature platform. Scammers send a seemingly legitimate DocuSign email containing an HTML attachment that, when clicked, opens what appears to be a blank image.
Empty image scam
The catch is that the image contains JavaScript code that sends users to a malicious URL in a way rarely seen before, which is why security services typically do not detect the threat.
DocuSign is trusted by many companies, so it is hard to believe it could be used to defraud employees and consumers; nevertheless, we have reported several cases of fraud abusing the platform.
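As an added illustration of how a defender can catch this pattern (example code written for this article, not Avanan's or DocuSign's own tooling), the scanner below decodes every Base64 data URI in an HTML attachment and flags SVG payloads that carry scripts, event handlers or redirects. The sample attachments, the placeholder URL and the indicator list are all constructed assumptions.

```python
import base64
import html
import re

# Constructed sample (not from the article): an HTML attachment whose only visible
# content is a 1x1 SVG "image" delivered as a Base64 data URI, with script inside.
SVG_WITH_SCRIPT = (
    '<svg xmlns="http://www.w3.org/2000/svg" width="1" height="1">'
    '<script>window.location = "https://phish.example.invalid/";</script></svg>'
)
SVG_BENIGN = '<svg xmlns="http://www.w3.org/2000/svg"><rect width="1" height="1"/></svg>'

def wrap_in_html(svg):
    """Build an HTML document embedding the SVG as a Base64 data URI (constructed)."""
    b64 = base64.b64encode(svg.encode()).decode()
    return f'<html><body><img src="data:image/svg+xml;base64,{b64}"></body></html>'

SAMPLE_MALICIOUS = wrap_in_html(SVG_WITH_SCRIPT)
SAMPLE_BENIGN = wrap_in_html(SVG_BENIGN)

DATA_URI_RE = re.compile(r'data:([\w./+-]+);base64,([A-Za-z0-9+/=\s]+)', re.I)
# Active content that has no business in a "blank" image (assumed indicator list).
ACTIVE_SVG_RE = re.compile(
    r'<script\b|\bon\w+\s*=|javascript:|window\.location|location\.href', re.I)

def decode_base64_data_uris(text):
    """Yield (mime, decoded text) for every Base64 data URI found in text."""
    for m in DATA_URI_RE.finditer(html.unescape(text)):
        mime, payload = m.group(1).lower(), re.sub(r'\s+', '', m.group(2))
        try:
            data = base64.b64decode(payload, validate=True)
        except ValueError:
            continue  # not valid Base64: skip rather than crash the scanner
        yield mime, data.decode('utf-8', errors='replace')

def scan_html_attachment(text, depth=0, max_depth=3):
    """Return findings for SVG/HTML data URIs that carry script, handlers or redirects.

    Recurses into decoded payloads (up to max_depth) so layered encodings
    ("obfuscation upon obfuscation") are still inspected.
    """
    findings = []
    for mime, body in decode_base64_data_uris(text):
        if 'svg' in mime or 'html' in mime or 'xml' in mime:
            hits = sorted({h.lower() for h in ACTIVE_SVG_RE.findall(body)})
            if hits:
                findings.append({'mime': mime, 'depth': depth, 'indicators': hits})
        if depth < max_depth:
            findings.extend(scan_html_attachment(body, depth + 1, max_depth))
    return findings

if __name__ == '__main__':
    print(scan_html_attachment(SAMPLE_MALICIOUS))  # flags the script and redirect
    print(scan_html_attachment(SAMPLE_BENIGN))     # []
```

A mail gateway would run this over each .htm/.html attachment and quarantine on any finding, which complements the blanket block on HTML attachments that Avanan recommends.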
Avanan said, “This attack builds on a wave of HTML attachment attacks we’ve seen recently targeting our customers, whether they’re SMBs or enterprises.”
“By imposing obfuscation upon obfuscation, most security services are helpless against these attacks.”
Avanan advises end users to be careful with emails containing HTML (.htm) attachments. Companies can further protect their employees by blocking emails containing such files, treating them like any other executable file (e.g. .exe files).
TechRadar Pro asked DocuSign whether it is taking any steps against this fraud, but such impersonation attacks are rarely preventable.