Jan 22 / Admin

New Scam Alert: New 'Blank Image' attack hides phishing scripts in SVG files

Bleeping Computer reported: 

An unusual phishing technique has been observed in the wild, hiding empty SVG files inside HTML attachments pretending to be DocuSign documents.

If a victim clicks on the “View Completed Document” button, they are taken to a genuine DocuSign webpage. However, if they attempt to open the HTML attachment, the ‘Blank Image’ attack is activated.

In the DocuSign-themed campaign that Avanan researcher spotted, the SVG is empty. The victim sees nothing on their screen but the URL redirect code still runs in the background.

Read more in the original article here.

Enroll in Training Sessions:  Last Thursday of Every Month is Training on Frauds and New Scam Alerts and How to Combat
* indicates required