New day, new scam, and this one is very sneaky.
Cyber criminals are getting smarter. And this recent malware threat is very smart. It impersonates a highly trusted brand name to get a foot in the door.
What happens
Targets receive a convincing looking email that appears to come from a widely used e-signature platform.
This email has a blank image attached. The image is loaded with empty svg files, which are carefully encoded inside an HTML file attachment. (Sorry for getting slightly technical, hang on we are getting there).
In short, it’s very clever and it’s tricking its way past a lot of security software.
And because it is getting past a lot of security software, it is putting businesses like yours at risk. Because code within the image sends people to a malicious URL.
Open the attachment and you could unwittingly install malware onto your device – or even your network – which risks exposing your data and leaving you open to a ransomware attack.
Recently, there’s been a wave of HTML attachment attacks on small and medium sized businesses, so it’s clear that companies need to take action to stay ahead of the criminals.
What you can do
If you use software to sign documents electronically, double-check that emails are genuine before opening any attachments.
There’s a reason why the criminals have chosen to impersonate a trusted name.
Taking things a step further, you could block all emails with this type of attachment, to prevent employees from being exposed to scam emails in the first place.
If you’d like any further advice, or help implementing extra security measures, get in touch.