Home » News » A new scam using blank images targets common people: Reports

A new scam using blank images targets common people: Reports

fb twitter pinterest linkedin
A new scam using blank images targets common people: Reports-GadgetAny

Experts have described a strange new phishing scam using blank images to scam users, and you may not even know it. The form, described as a “blank image,” is used by threat actors to embed empty.svg files encoded with Base64 inside HTML attachments in order to avoid URL redirect detection. DocuSign, the e-signature platform, is the target in this case, with scammers sending a seemingly legitimate DocuSign email with an HTML attachment that, when clicked, opens up what appears to be a blank image.

About “blank image” phishing:

A strange phishing technique is being used to hide empty SVG files inside HTML attachments, making them appear to be DocuSign documents. Researchers at email security company Avanan have named it “Blank Image.” They explain that the attack allows phishing actors to circumvent the detection of redirect URLs. The phishing email sent to potential victims purports to be a DocuSign document, a widely used brand that many recipients are familiar with from their office jobs. The victim is asked to examine and sign the sent document, called Scanned Remittance Advice.htm, because HTML files are often ignored by email security systems and thus have higher chances of reaching the target’s inbox. If a victim clicks on the button to view the completed document, they are taken to a legitimate DocuSign website, but if they attempt to open the HTML attachment, the Blank Image attack is activated.

Ways-to-protect-your-phone-from-hackers-1

The use of SVG files in HTML containing base64-obfuscated code is not new; in December 2022, the same tactic was used in spam that sent the Qbot malware. SVGs are XML-based vector images that can include HTML script tags, so when an HTML document displays an SVG image through an embed or iframe tag, the image is displayed and the JavaScript contained in it runs.

The SVG is empty on the victim’s screen in the DocuSign campaign that the Avanan researcher identified, but the URL redirect code still runs in the background. Emails that have HTML code or HTML attachments should be treated with caution by users.

GadgetAny
Raulf Hernes

By Raulf Hernes

If you ask me raulf means ALL ABOUT TECH!!

Leave a Reply

Related news