>
A strange new phishing scam is using blank images to scam users – and you may not even realize it, experts claim.
The format, which researchers from email security company Avanan (opens in new tab) described as “blank image”, consists of threat actors embedding empty .svg files encoded with Base64 in HTML attachments, which allows them to avoid detection of URL redirects.
In this case, e-signature platform DocuSign is the target host, with scammers sending a seemingly legitimate DocuSign email with an HTML attachment that, when clicked, opens a seemingly blank image.
Blank image scam
The catch, however, is that Javascript has been found in the image directing users to a malicious URL in a way rarely seen until now. For this reason, many security services will usually fail to detect the threat.
DocuSign is trusted by many companies, so it’s hard to believe it can now scam employees and consumers, but we’ve reported several scams on the platform.
Avanan said, “This attack builds on the spate of HTML attachment attacks we’ve seen recently targeting our customers, whether they be SMBs or large enterprises.”
“By piling embezzlement on embezzlement, most security agencies are helpless against these attacks.”
For end users, Avanan recommends being wary of emails that contain HTML (.htm) attachments. Companies can further protect their employees by blocking emails containing such files and treating them just like any other executable file (such as .exe files).
Tech Radar Pro has asked DocuSign if it is taking steps against the scam, but such impersonation attacks are rarely preventable.