Blank-Image Phishing Attacks Impersonate DocuSign
Please see original blog posts by Avanan here and KnowBe4 here.
Just when you think you have a handle on your cyber security, a new form of attack emerges. An unusual phishing technique surfaced recently. Avanan, a Check Point Software company, released information last week detailing a new attack in which a seemingly real email claiming to be from DocuSign contains malicious content hidden inside a blank image within an HTML attachment.
Malicious Code Inside Blank Image
The campaign begins with an email appearing to originate from DocuSign, which contains a link and an HTML attachment. The phishing email requests the review and signature of a document claiming to be “remittance advice.” The email looks genuine, which could cause you or your employee to act. When clicked, the “View Completed Document” button links to a clean, legitimate DocuSign webpage. This is where things take a turn. Once the document is opened, the blank image attack begins. The attachment includes coding that redirects to the malicious link.
Use Caution Around Emails Containing HTML
Hiding the malware within the empty image attachment masks the true intent of the message, which is an innovation amongst hackers. And as the phishing email contains a legitimate link, it bypasses link analysis and security scanners. Currently, most security services are helpless against these attacks. Researchers at Avanan advise caution around emails containing HTML or an .htm attachment. In fact, they suggest blocking all HTML attachments automatically.
Stay Informed and Alert
As hackers evolve, they inevitably invent innovative approaches, like this one, that can exploit even the wariest email recipient until the protective tools catch up. Staying informed and alert, while also educating your employees, remains your best and final line of defense. Security awareness training can give your organization an essential layer of security by enabling your employees to recognize social engineering attacks, even innovative ones like the blank-image phish hook.
The Bottom Line
To guard against these attacks, be suspicious of any email that contains HTML or .htm attachments and consider blocking all HTML attachments until the sender is verified.
Posted In: Cyber Security, Management (General), Money & Operations, Office & Technology, Uncategorized
BECOME AN ACCA MEMBER