Experts have claimed that a strange new scam is using blank images to trick users – and you might not even realize it.
Coordination done by researchers at an email security company Avanan (Opens in a new tab) Described as an “empty image”, it consists of threat actors embedding empty Base64-encoded .svg files inside HTML attachments, allowing them to avoid URL redirect detection.
In this case, the DocuSign electronic signature platform is the target host. Fraudsters send a legitimate-looking DocuSign email containing an HTML attachment which, when clicked, opens what appears to be a blank image.
Blank scam image
However, the catch is that Javascript was found inside the image that leads users to a malicious URL in a way that has been rarely seen until now. For this reason, security services may usually fail to detect the threat.
DocuSign is trusted by many companies, so it’s hard to believe that it could deceive employees and consumers now, but we have reported many cases of fraud on the platform.
“This attack builds on the wave of HTML attachment attacks we’ve seen recently targeting our customers, whether they’re small and medium businesses or businesses,” said Avanan.
“By obfuscating layers of obfuscation, most security agencies are powerless against these attacks.”
For end users, Avanan suggests being wary of emails that contain HTML (.htm) attachments. Companies can further protect their employees by applying a block to emails containing such files, and treating them just like any executable files (such as .exe files).
TechRadar Pro DocuSign asked if it was taking any steps against the scam, but copycat attacks like this can rarely be prevented.