This odd phishing scam targets victims with a blank image

Blank image scam

Audio player loading…

An odd new phishing scam is using blank images to scam users – and you may not even realize it, experts have claimed.

The format, which researchers at email security company Avanan (opens in new tab) describe as ‘blank image’, consists of threat actors embedding empty .svg files encoded with Base64 inside HTML attachments, which allows them to avoid URL redirect detection.

In this case, esignature platform DocuSign is the targeted host, with scammers sending out a seemingly legitimate DocuSign email containing an HTML attachment that when clicked on, opens up what appears to be a blank image.

TechRadar Pro needs you! (opens in new tab)
We want to build a better website for our readers, and we need your help! You can do your bit by filling out our survey (opens in new tab) and telling us your opinions and views about the tech industry in 2023. It will only take a few minutes and all your answers will be anonymous and confidential. Thank you again for helping us make TechRadar Pro even better.

D. Athow, Managing Editor

Blank image scam

The catch, though, is that Javacript has been found within the image that leads users to a malicious URL in a method rarely seen up until now. For this reason, may security services will typically fail to detect the threat.

DocuSign is trusted by many businesses, so it’s hard to believe that it could now be scamming employees and consumers, however we’ve reported several cases of scamming on the platform.

Avanan said: “This attack builds upon the wave of HTML attachment attacks that we’ve recently observed targeting our customers, whether they be SMBs or enterprises.”

“By layering obfuscation upon obfuscation, most security services are helpless against these attacks.”

For end users, Avanan suggests being wary of emails that contain HTML (.htm) attachments. Companies can protect their workers even further by implementing a block on emails that contain such files, treating them just like any other executable (like .exe files). 

TechRadar Pro has asked DocuSign whether it is taking any steps against the scam, however imitation attacks like this are rarely preventable. 

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button
Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. Please support us by disabling these ads blocker.

Powered By
Best Wordpress Adblock Detecting Plugin | CHP Adblock