Bleeping Computer reported:
An unusual phishing technique has been observed in the wild, hiding empty SVG files inside HTML attachments pretending to be DocuSign documents.
If a victim clicks on the “View Completed Document” button, they are taken to a genuine DocuSign webpage. However, if they attempt to open the HTML attachment, the ‘Blank Image’ attack is activated.
In the DocuSign-themed campaign that Avanan researcher spotted, the SVG is empty. The victim sees nothing on their screen but the URL redirect code still runs in the background.
Read more in the original article here.
Enroll in Training Sessions: Last Thursday of Every Month is Training on Frauds and New Scam Alerts and How to Combat
If a victim clicks on the “View Completed Document” button, they are taken to a genuine DocuSign webpage. However, if they attempt to open the HTML attachment, the ‘Blank Image’ attack is activated.
In the DocuSign-themed campaign that Avanan researcher spotted, the SVG is empty. The victim sees nothing on their screen but the URL redirect code still runs in the background.
Read more in the original article here.
Enroll in Training Sessions: Last Thursday of Every Month is Training on Frauds and New Scam Alerts and How to Combat