Avoid a devious new phishing scam
Another day, another dollar…into the pockets of scammers…
How? How could this possibly be?
Cybercriminals are smart–and only getting smarter.
How?
By impersonating highly trusted brand names.
It all starts with a convincing-looking email. There’s problem number one.
Problem number one: a convincing-looking email
You got an email and it looks too legit to be legit. But you don’t second-guess it, because it’s from you-know-who, your boss, a company you know and trust, it looks like it’s coming from a widely used e-signature platform.
But you never check the email address…and there’s an attachment. Problem number two.
Problem number two: you didn’t verify the email address or attachment
You never checked the email address to verify that the email is from who it says it’s from.
Also, you see the attachment and you think, “Goodie! An attachment!” And you’re ready to open it like a kid at Christmas.
But the attachment is a blank image…problem number three.
Problem number three: a blank image
The blank image attachment is actually filled with empty svg files, carefully encoded inside an HTML file attachment. And what’s the problem with that? Well, that’s problem number four.
Problem number four: carefully encoded attachment
The blank image svg attachment is more than tomfoolery, of course. And the fact that it’s blank and carefully encoded inside an HTML file attachment means it’s a very sneaky and very clever way of tricking a lot security software from catching it. And you open the attachment.
There’s problem number five.
Problem number five: opening the attachment
Now that you’ve opened the attachment, your business, even your network is at risk.
Why?
Because the code-laden blank svg image sends you to a malicious URL, thereby installing malware on your device or network, exposing your data and leaving you open to a ransomware attack!
So what?
The tech site, Your Tech Updates, reports that recently, “there have been a wave of HTML attachment attacks on small to medium-sized businesses, so it’s clear that companies need to take action to stay ahead of the criminals.”
What to do?
Recommendations:
- If you use software to sign documents electronically, double-check that emails are genuine before opening any attachments.
- Always double-check the email address to make sure it’s really from someone you know and trust.
- If you aren’t sure whether it’s a legitimate email, reach out to the person who’s supposedly emailing you the attachment and ask them if they emailed you what they seemingly emailed you. (Of course, you should not reply to the email in question!)
- Block all emails with this type of attachment, to prevent yourself and employees from being exposed at all.
We are here to help!
Whether you’ve opened up your network to a data breach or you want help in training your employees to be cyber-savvy, we can help you! Our job is to make your job all that much easier, to smooth the road, so you can run your business without having to stress about IT support needs.