BleepingComputer, a cybersecurity website, reports an increase in cybercriminals using SVG files for phishing through emails. This is done by leveraging SVG’s ability to embed HTML files within tags.
One example of this attack is attaching an SVG file to an email. Most antivirus scans may not detect anything unusual since it only contains text and images. However, when users open the SVG file in a web browser, they will see a fake Excel screen with a prompt to enter their Microsoft Account password. If users fall for this, their passwords will be stolen instantly.
Another example highlighted by BleepingComputer involves creating fake government documents that prompt users to provide additional information and download a PDF file. Unfortunately, clicking the download button actually downloads malware instead.
BleepingComputer emphasizes that detecting these threats largely depends on the antivirus company’s policies. It is uncommon for emails with SVG file attachments to be used in business settings, so recipients should be cautious when receiving such emails.
TLDR: Cybercriminals are increasingly using SVG files for phishing attacks through emails, tricking users into revealing sensitive information or downloading malware. Be wary of emails with SVG file attachments and always verify the source before taking any action.
Leave a Comment