At The Identity Organisation, we're here to help!

    Or drop us a mail!

    Your privacy is important to us, and we want to communicate with you in a way which has your consent and which is in line with UK Law on data protection. As a result of a change in UK law on 25th May 2018, by providing us with your personal details you consent to us processing your data in line with current GDPR requirements.

    Here is where you can review our Privacy & GDPR Statement

    To remove consent at any time, please e-mail info@tidorg.com with the word "unsubscribe" as the subject.

    +44 (0) 1628 308038 info@tidorg.com

    Phishing Emails Use SVG Files to Avoid Detection

      Phishing emails are increasingly using Scalable Vector Graphics (SVG) attachments to display malicious forms or deliver malware, BleepingComputer reports. 

      SVG is an image format that’s stored in XML text files, allowing users to create an image through XML code by specifying shapes, colors, and text. Threat actors are using these files to craft convincing phishing forms that can bypass security filters.

      “SVG attachments used in a recent campaign pretend to be official documents or requests for more information, prompting you to click the download button, which then downloads malware from a remote site,” BleepingComputer says.

      “Other campaigns utilize SVG attachments and embedded JavaScript to automatically redirect browsers to sites hosting phishing forms when the image is opened. The problem is that since these files are mostly just textual representations of images, they tend not to be detected by security software that often. From samples seen by BleepingComputer and uploaded to VirusTotal, at the most, they have one or two detections by security software.”

      Users should be on the lookout for SVG attachments, since they aren’t commonly used by most businesses. If an SVG file displays what looks like an Excel spreadsheet with a login portal, for example, it’s certainly a phishing attempt.

      “Receiving an SVG attachment is not common for legitimate emails, and should immediately be treated with suspicion,” BleepingComputer says. “Unless you are a developer and expect to receive these types of attachments, it is safer to delete any emails containing them.”

      New-school security awareness training can keep your employees up-to-date on evolving social engineering tactics so they can thwart these types of phishing attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

      BleepingComputer has the story.

        Request A Demo: Security Awareness Training

        New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn’t a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4’s security awareness training and simulated phishing platform and see how easy it can be!

        PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser:

        https://www.knowbe4.com/kmsat-security-awareness-training-demo

        New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn’t a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4’s security awareness training and simulated phishing platform and see how easy it can be!

        Request A Demo!

        PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/one-on-one-demo-partners?partnerid=001a000001lWEoJAAW

          Sign Up to the TIO Intel Alerts!

          Back To Top