- Security researchers spotted phishing emails with SVG attachments
- The nature of SVG files allows them to bypass email protections
- Common sense remains the best way to defend against phishing
Hackers are always looking for new ways to sneak phishing emails into people’s inboxes, and it seems SVG attachments are the next big thing.
Security researchers recently posted about SVG attachments on Twitter, claiming their nature allows them to bypass email protections and land malicious content in victim’s inbox.
For the uninitiated, SVG is short for Scalable Vector Graphics – it’s a lossless image format used all across the web, especially for content that is designed to be viewed on screens of different sizes. Images are not created with pixels, but rather with XML-based code which defines graphics. Since images are built with code, they cannot be analyzed by antivirus programs in the traditional sense of the word. As a result, many bypass current protections.
Fake Excel
According to MalwareHunterTeam, some cybercriminals found a way to abuse this fact. One of the examples was creating a fake Excel spreadsheet with SVG which allows people to submit different content (mostly login credentials and other valuable information).
Even if email security solutions providers find a way to defend against SVG-borne email attacks, crooks will only find another attack avenue.
Therefore, relying exclusively on software to protect your inbox against these threats is super risky. Instead, experts suggest humans be put in the proverbial trenches – using common sense, spotting phishing emails, and acting accordingly (reporting and deleting the email immediately) remains the best form of defense.
Another way crooks can bypass email protection in phishing attacks is through the use of QR codes.
Since these come in .JPG or similar image formats, they rarely get scanned for malice. Furthermore, QR codes in emails usually force victims to bring up their mobile devices, which are rarely as secure as desktop devices, increasing the chances of infection or data loss.
Via BleepingComputer