Take action to avoid a devious new phishing scam

Another day, another scam. And this is a sneaky one.

?

Cyber criminals are getting smarter. This recent malware threat is unusually smart. It impersonates a highly trusted brand name to get a foot in the door.

?

Targets receive a convincing looking email that appears to come from a widely used e-signature platform.

?

Attached to the email is a blank image that’s loaded with empty svg files, which are carefully encoded inside an HTML file attachment (stay with us here).

?

In short, it’s very clever and it’s tricking its way past a lot of security software.

?

That puts businesses like yours at risk. Because code within the image sends people to a malicious URL.

?

Open the attachment and you could unwittingly install malware onto your device – or even your network – which risks exposing your data and leaving you open to a ransomware attack.

?

Recently, there’s been a wave of HTML attachment attacks on small and medium sized businesses, so it’s clear that companies need to take action to stay ahead of the criminals.

?

If you use software to sign documents electronically, double-check that emails are genuine before opening any attachments.

?

There’s a reason why the criminals have chosen to impersonate a trusted name.

?

Taking things a step further, you could block all emails with this type of attachment, to prevent employees from being exposed to scam emails in the first place.

?

If you’d like any further advice, or help implementing extra security measures, get in touch.