What Is a Blank Image Phishing Scam?
Phishing is a social engineering tactic that aims to get your private information, and cybercriminals continually develop new phishing attacks to catch more users off guard. One such method is the blank image phishing scam. Here’s how to identify it and protect yourself against it.
Blank Image Phishing Scams Explained
People targeted by blank image phishing scams receive emails with .html or .htm attachments, which only contain blank images. However, once individuals click on them, they get redirected to malicious websites.
Examining the attachment’s HTML file reveals an SVG file with Base64 encoding. JavaScript embedded in the blank image causes an automatic redirection to a dangerous URL.
Suffice it to say, you should never enter any details on the page that opens. Otherwise, you’ll give that information to the hackers.
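As an added illustration (not code from Avanan or the original article), here is a mail-filter check for the attachment structure described above: it walks a message's .html/.htm attachments, decodes any Base64 SVG, and flags SVGs that contain script. The function names and the sample message are constructed for this example, and it assumes the SVG is embedded as a data:image/svg+xml;base64 URI.

```python
import base64
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed embedding: a data: URI carrying a Base64-encoded SVG
SVG_DATA_URI = re.compile(r"data:image/svg\+xml;base64,([A-Za-z0-9+/=\s]+)", re.I)
# Active content in a decoded SVG: <script> elements or on* event handlers
ACTIVE_SVG = re.compile(rb"<script\b|\son\w+\s*=", re.I)


def scan_html(html: str) -> list[str]:
    """Return one finding per embedded Base64 SVG that is suspicious."""
    findings = []
    for match in SVG_DATA_URI.finditer(html):
        try:
            svg = base64.b64decode(re.sub(r"\s+", "", match.group(1)))
        except ValueError:  # binascii.Error subclasses ValueError
            findings.append("undecodable Base64 SVG payload")
            continue
        if ACTIVE_SVG.search(svg):
            findings.append("Base64 SVG with active content")
    return findings


def scan_message(raw: bytes) -> dict[str, list[str]]:
    """Map each .html/.htm attachment name to its findings."""
    msg = message_from_bytes(raw, policy=policy.default)
    results = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith((".html", ".htm")):
            html = part.get_content()
            if isinstance(html, bytes):  # attachment sent as octet-stream
                html = html.decode("utf-8", "replace")
            results[name] = scan_html(html)
    return results


def build_sample() -> bytes:
    """Constructed test message; the SVG's script body is an inert comment."""
    svg = b'<svg xmlns="http://www.w3.org/2000/svg"><script>/* inert */</script></svg>'
    uri = "data:image/svg+xml;base64," + base64.b64encode(svg).decode()
    html = f'<html><body><embed src="{uri}"></body></html>'
    msg = EmailMessage()
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attachment.")
    msg.add_attachment(html, subtype="html", filename="sample.htm")
    return msg.as_bytes()
```

A hit from `scan_message` is a reason to quarantine the message for review; an empty list only means this one pattern was not found.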
Measures to Defend Against Blank Image Phishing Scams
Avanan, the researchers who identified this scam, caution that it bypasses virus-detection tools. That means you can’t depend on scanners from email providers or your employer to detect it.
Additionally, this scam hides the files in seemingly legitimate emails. The researchers’ example was a message appearing to come from DocuSign. The name of the malicious attachment was “Scanned Remittance Advice.”
The “View Document” link in the email takes people to an actual DocuSign page, but the trouble starts when people click on the accompanying attachment.
That example highlights why you should never engage with unexpected emails or attachments, even if they seem authentic or make you curious about the contents. Phishing scams cause numerous problems for victims. They could lead to you giving hackers sensitive information, such as your banking details.
So what can you do? Company administrators could change email settings to block .html attachments. Many businesses already do that with .exe files to make email systems safer.
Another possibility for people in authority is to run a phishing simulation to see how people react. Phishing simulations can show which team members need more cybersecurity training. They also help prevent real attacks by increasing workers’ preparedness.
The general rule is not to submit any private details or to download attachments from people you don't know or entirely trust. If you do get a suspicious email from someone, contact them via a different platform and check that the link or attachment is genuinely from them.
Phishing Attacks Continually Evolve
The blank image phishing scam is a timely reminder that hackers frequently develop new ways to trick their victims and catch them off guard. The format of this approach is particularly problematic since the most dangerous aspect appears as merely a blank message. There are no spelling errors, images, or anything else that could tip you off to a typical phishing attack.