
A strange new phishing scam is using blank images to trick users — and you might not even realize it, experts claim.
Researchers at email security firm Avanan describe the technique as a “blank image” attack: threat actors embed empty Base64-encoded .svg files in HTML attachments, which allows them to avoid URL redirection detection.
In this case, e-signature platform DocuSign was the target host, and the scammers sent a legitimate-looking DocuSign email containing an HTML attachment that, when clicked, opened a seemingly blank image.
Blank image scam
Be aware, however, that JavaScript was found inside the images, which redirects users to malicious URLs, a method that has rarely been seen until now. As a result, security services are often unable to detect the threat.
DocuSign is trusted by many businesses, so it’s hard to believe it could be defrauding employees and consumers right now, but we’ve reported several cases of scams on the platform.
“This attack builds on the recent wave of HTML attachment attacks we’ve observed targeting our customers, whether they’re SMBs or enterprises,” Avanan said.
“Through layers of obfuscation, most security services are unable to defend against these attacks.”
For end users, Avanan advises being wary of emails that contain HTML (.htm) attachments. Companies can further protect their employees by blocking emails containing such files, treating them like any other executable file (such as .exe files).
Technology Radar Pro has asked DocuSign whether it is doing anything to combat the scam, but such impersonation attacks are almost impossible to prevent.
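A defender-side check for the technique described above, as an added example that is not from Avanan or the original article: it decodes Base64 SVG images found in an HTML attachment and flags any that carry active content, noting whether the image would render blank. It assumes the SVG is embedded as a `data:` URI (the article does not say how it is embedded); the function name and both sample attachments are constructed for illustration.

```python
import base64
import binascii
import re

# Assumption: the SVG is carried in the HTML as a data: URI. The article only
# says "Base64-encoded .svg files in HTML attachments".
SVG_DATA_URI = re.compile(r"data:image/svg\+xml;base64,([A-Za-z0-9+/=]+)", re.I)

# Active content that has no place in an image meant only to be displayed.
ACTIVE_SVG = {
    "script element": re.compile(r"<\s*script\b", re.I),
    "event handler": re.compile(r"\son\w+\s*=", re.I),
    "javascript: URI": re.compile(r"javascript\s*:", re.I),
    "foreignObject": re.compile(r"<\s*foreignObject\b", re.I),
}
# Elements that actually draw something; none present means a "blank" image.
DRAWING = re.compile(
    r"<\s*(path|rect|circle|ellipse|line|poly\w+|text|image|use)\b", re.I)


def scan_html_attachment(html: str) -> list[dict]:
    """Return one finding per embedded SVG that contains active content."""
    findings = []
    for match in SVG_DATA_URI.finditer(html):
        try:
            raw = base64.b64decode(match.group(1), validate=True)
        except (binascii.Error, ValueError):
            continue  # not valid Base64, nothing to inspect
        svg = raw.decode("utf-8", "replace")
        reasons = [name for name, rx in ACTIVE_SVG.items() if rx.search(svg)]
        if reasons:
            findings.append({"offset": match.start(), "reasons": reasons,
                             "blank": DRAWING.search(svg) is None})
    return findings


def _data_uri(svg: str) -> str:
    return "data:image/svg+xml;base64," + base64.b64encode(svg.encode()).decode()


# Constructed samples, not taken from the campaign.
BLANK_SVG = ('<svg xmlns="http://www.w3.org/2000/svg">'
             '<script>/* placeholder for redirect logic */</script></svg>')
LOGO_SVG = ('<svg xmlns="http://www.w3.org/2000/svg">'
            '<rect width="10" height="10"/></svg>')
SUSPICIOUS_HTML = f'<html><body><embed src="{_data_uri(BLANK_SVG)}"></body></html>'
BENIGN_HTML = f'<html><body><img src="{_data_uri(LOGO_SVG)}"></body></html>'
```

A finding with `blank` set to true and a `script element` reason matches the pattern the article describes: an image that draws nothing but runs code.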