Skip to content

Scam of the Week – Blank Image Phishing

Blank Image Phishing

Most email providers have security filters that check emails for malicious links or attachments. You may feel like you can rely on these filters and, as a result, trust that emails sent to your inbox are safe. Unfortunately, cybercriminals can take advantage of this trust by using blank image phishing to bypass security filters.

The scam starts with a fake email that appears to be from DocuSign.

The email asks you to review and sign a document as soon as possible and contains an HTML attachment. Instead of an important document, the attachment is a blank SVG with malicious code.

Because this code is hidden inside the attachment, the email can bypass security filters. If you download the attachment, the code will redirect you to a malicious website that will prompt you to enter sensitive information. If you enter this information, cybercriminals can use it for their own purposes.

Follow the tips below to stay safe from similar scams:

  • Always think before you download an attachment. This type of cyberattack is designed to trick you into downloading attachments impulsively.
  • Never click a link or download an attachment in an email that you aren’t expecting. While this attack targets DocuSign users, this scam could be used with any organization that manages electronic agreements.
  • Enable multi-factor authentication (MFA) on your accounts when it is available. MFA adds an extra layer of security and lowers the chance of cybercriminals logging in to your account.

Once they have access, cybercriminals can steal sensitive information from you and your organization.

Need some security advice or help?

IT cybersecurity partners, like Blue Fox Group, help businesses & IT leaders:

  • Review of your security posture and gaps
  • Review any regulatory compliance activity and requirements
  • Determine how to store and safeguard large amounts of sensitive data through Detection & Response and Encrypted backup services.
  • Build a Remote Employee Security Checklist
  • Implement Multi-factor Authentication & Phishing Security 3.0
New call-to-action
Back To Top