This odd phishing scam targets victims with a blank image

Blank image scam
(Image credit: Avanan)

An odd new phishing scam is using blank images to scam users - and you may not even realize it, experts have claimed.

The format, which researchers at email security company Avanan describe as ‘blank image’, consists of threat actors embedding empty .svg files encoded with Base64 inside HTML attachments, which allows them to avoid URL redirect detection.

In this case, esignature platform DocuSign is the targeted host, with scammers sending out a seemingly legitimate DocuSign email containing an HTML attachment that when clicked on, opens up what appears to be a blank image.

TechRadar Pro needs you!
We want to build a better website for our readers, and we need your help! You can do your bit by filling out our survey and telling us your opinions and views about the tech industry in 2023. It will only take a few minutes and all your answers will be anonymous and confidential. Thank you again for helping us make TechRadar Pro even better.

D. Athow, Managing Editor

Blank image scam

The catch, though, is that Javacript has been found within the image that leads users to a malicious URL in a method rarely seen up until now. For this reason, may security services will typically fail to detect the threat.

DocuSign is trusted by many businesses, so it’s hard to believe that it could now be scamming employees and consumers, however we’ve reported several cases of scamming on the platform.

Avanan said: “This attack builds upon the wave of HTML attachment attacks that we’ve recently observed targeting our customers, whether they be SMBs or enterprises.”

“By layering obfuscation upon obfuscation, most security services are helpless against these attacks.”

For end users, Avanan suggests being wary of emails that contain HTML (.htm) attachments. Companies can protect their workers even further by implementing a block on emails that contain such files, treating them just like any other executable (like .exe files). 

TechRadar Pro has asked DocuSign whether it is taking any steps against the scam, however imitation attacks like this are rarely preventable. 

Craig Hale

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!