An unusual phishing technique has surfaced this week. Avanan, a Check Point Software company, released a blog Thursday morning detailing a new attack in which hackers hide malicious content inside a blank image within an HTML attachment in phishing emails claiming to be from DocuSign.
Hiding the malware within the empty image attachment hides the true intent of the message, and contains a legitimate link, allowing for the email to bypass link analysis and security scanners. Researchers advise caution around emails containing HTML, suggesting blocking all HTML attachments and treat them like executables.
The threat actors evolve, and they’ll inevitably come up with novel approaches, like this one, that can catch out defenders until the protective tools catch up. An informed, alert user is the best and final line of defense. New-school security awareness training can give your organization an essential layer of security by enabling your employees to recognize social engineering attacks, even innovative ones like the blank-image phish hook.