Today a brief security warning: A blog reader informed me about a special threat variant in e-mails. A mail contains a clickable image that redirects users to malware sites.
The creativity of phishers is almost infinite. Because word may have spread that attachments and links in e-mails can be 'dangerous', threat actors try another hook. The idea: they embed a picture in a mail and distribute it widely via a spam campaign. The image is hosted on a web server, but is rendered really tiny within the message.
The following screenshot shows such an example, where a table of an order was allegedly sent. However, the content is not really readable, so some users are tricked into clicking on the image to enlarge it. Because the image is wrapped in a link, the click leads to a malicious website where malware is delivered or phishing attacks are attempted.
A warning from a blog reader
German blog reader Michael G. sent me a short mail about a concrete case with the following information (thanks for that). I just post it here (in translated form) for information. Michael wrote:
Today a user forwarded a mail to me without clicking on the link (the last security instruction obviously finally worked!)
The mail contains a text and a preview picture in the middle of the text, which is very hard to see.
If you are curious enough and click on the picture, you will be redirected to the page: http*://ninetoes[dot]com
Michael writes that he can't open the page because Endpoint Protection prevents that. If you have a suspicious link and don't have Endpoint Protection or a similar solution, you need an alternative way to check the target without opening it yourself. In such a case you can open pages like VirusTotal, urlvoid.com or Bitdefender's link checker in your browser and enter the suspicious URL. When checking with VirusTotal and urlvoid, I was informed that three antivirus providers classified the site above as suspicious (malware, phishing). Keep in mind that a clean result is no proof of a harmless site, since scanners often lag behind fresh campaigns; only a positive verdict tells you something for sure.
So always stay cautious and instruct your users about the dangers of clicking on a linked picture.
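The following Python script is an added example, not code from the blog post or from the reader's mail. It covers both points above: it parses a raw e-mail, finds every image that sits inside a link, and flags the pattern described earlier (a remote picture rendered tiny, linking to a host that differs from the image host and from the sender's domain), and it then turns a defanged indicator such as the one Michael quoted back into a URL and builds the identifier VirusTotal's API v3 uses for a URL lookup, so the target can be checked without visiting it. The sample message, its hostnames (`*.invalid`), the 60 px "tiny" threshold and the helper names are constructed assumptions; only the standard library is used.

```python
import base64
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TINY_PX = 60  # assumption: at or below this edge length a linked picture is "hard to see"

# Constructed sample mail (not the one from the post): a small remote image
# wrapped in a link to a third host; the footer logo is not linked.
SAMPLE_MAIL = b"""\
From: orders@example-shop.invalid
To: user@example.invalid
Subject: Your order 4711
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please find the order table below.</p>
<a href="http://landing.example-bad.invalid/enlarge">
  <img src="http://cdn.example-images.invalid/order.png" width="40" height="30">
</a>
<p>Regards</p>
<img src="http://cdn.example-images.invalid/logo.png" width="200" height="60">
</body></html>
"""


def _px(value):
    """Leading integer of a width/height attribute such as '40' or '40px'."""
    m = re.match(r"\s*(\d+)", str(value)) if value is not None else None
    return int(m.group(1)) if m else None


def _style_dims(style):
    """Pull width/height out of an inline style like 'width:10px;height:8px'."""
    dims = {}
    for prop in ("width", "height"):
        m = re.search(r"(?<![-\w])%s\s*:\s*(\d+)" % prop, style or "", re.I)
        if m:
            dims[prop] = int(m.group(1))
    return dims


class _LinkedImageParser(HTMLParser):
    """Collect every <img> that appears inside an <a href=...>."""

    def __init__(self):
        super().__init__()
        self._href = None         # href of the <a> we are currently inside
        self.linked_images = []   # (href, src, width, height)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self._href = a.get("href")
        elif tag == "img" and self._href:
            dims = _style_dims(a.get("style"))   # inline style beats the attributes
            w = dims.get("width", _px(a.get("width")))
            h = dims.get("height", _px(a.get("height")))
            self.linked_images.append((self._href, a.get("src", ""), w, h))

    def handle_endtag(self, tag):
        if tag == "a":
            self._href = None


def find_linked_images(raw_mail, max_px=TINY_PX):
    """Parse a raw RFC 5322 message and report link-wrapped images.

    Each finding carries 'reasons': 'remote' (image fetched from the web),
    'tiny' (both edges <= max_px), 'host mismatch' (link host differs from the
    image host) and 'sender mismatch' (link host is not under the From: domain).
    """
    msg = email.message_from_bytes(raw_mail, policy=policy.default)
    html_part = msg.get_body(preferencelist=("html",))
    if html_part is None:
        return []
    sender_domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()

    parser = _LinkedImageParser()
    parser.feed(html_part.get_content())

    findings = []
    for href, src, w, h in parser.linked_images:
        link_host = (urlparse(href).hostname or "").lower()
        img_host = (urlparse(src).hostname or "").lower()
        reasons = []
        if img_host:
            reasons.append("remote")
        if w is not None and h is not None and w <= max_px and h <= max_px:
            reasons.append("tiny")
        if link_host and img_host and link_host != img_host:
            reasons.append("host mismatch")
        if link_host and sender_domain and not (
            link_host == sender_domain or link_host.endswith("." + sender_domain)
        ):
            reasons.append("sender mismatch")
        findings.append({"href": href, "img_src": src, "width": w, "height": h, "reasons": reasons})
    return findings


def refang(url):
    """Turn a defanged indicator ('hxxp://x[.]y', 'http*://x[dot]y') back into a URL."""
    url = re.sub(r"^hxxp(s?)\*?://", r"http\1://", url, flags=re.I)
    url = re.sub(r"^http(s?)\*://", r"http\1://", url, flags=re.I)
    return url.replace("[.]", ".").replace("[dot]", ".").replace("(dot)", ".")


def virustotal_url_id(url):
    """VirusTotal API v3 addresses a URL by its unpadded base64url encoding:
    GET https://www.virustotal.com/api/v3/urls/<id> (header x-apikey) returns
    the stored verdicts for it without submitting anything new."""
    return base64.urlsafe_b64encode(url.encode()).rstrip(b"=").decode()


if __name__ == "__main__":
    for f in find_linked_images(SAMPLE_MAIL):
        print(f"{f['img_src']} ({f['width']}x{f['height']}) -> {f['href']}: {', '.join(f['reasons'])}")
        print("  VirusTotal lookup id:", virustotal_url_id(refang(f["href"])))
```

The script only reads the message; it never fetches the image or follows the link, which is the point of checking a target with a scanner instead of a browser. Feed it the raw `.eml` a user forwarded (as an attachment, so the original HTML survives) and treat a hit with all four reasons as the pattern from the screenshot above.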