March 26, 2025 • Cybersecurity
There are several ways in which hackers will try to scam you into releasing your information. Often, these can be obvious and send an immediate red flag. However, some can be very sneaky. A new phishing attack, where hackers use Scalable Vector Graphics (SVG files) to deliver multi-stage malware has been detected, and we want to ensure you protect yourself and your information.
Beware of Phishing Emails with Images
An article from MSN states that cybersecurity experts at Fortinet have reported that an unknown threat actor is sending phishing emails claiming that a shipment has been delivered, accompanied by an invoice. However, the attached file is a Scalable Vector Graphics (SVG file) that initiates the infection sequence when opened.
Let’s break it down:
- What are SVG Files?
These are special image files and are commonly used on the web because of their scalability and small file size. However, they can also hold hidden computer code, which can be dangerous.
- What is multi-stage malware?
As the name suggests, multi-stage malware has many stages; meaning the code doesn’t run all at once. It might start by doing one thing, like taking your data, and then secretly download software that can further compromise your device and personal information.
- How does the phishing attack work?
Hackers will use SVG files, which are common in phishing emails or on websites. When you open the file, which might be through an attachment, picture or link, the embedded malicious code begins to run. This may result in harmful programs being downloaded, sensitive information being stolen or even gaining access to your device.
Since most people don’t expect images to be harmful, they are more likely to click on or open them.
Tips to Avoid Falling Victim
Keep these tips in mind when opening an email:
- Use caution with email attachments: Never open an attachment from someone you don’t know or trust, even if it seems harmless.
- Only download/open files from trusted websites: Don’t download files or open links from websites that aren’t credible. To check if a website is trustworthy, here are some helpful tips.
- Check the sender: If you don’t recognize who sent the email, or are unable to confirm its legitimacy, it’s best to block the address and delete the email.
- Verify the message: Most organizations will not ask for personal information via email. If you aren’t sure, contact the business directly, using a contact number or email from their website. If possible, contact someone you know within the business to confirm as well.
- Read the email carefully: Often, you will find spelling errors, grammar mistakes, or odd wording in the message. While mistakes do happen, it is less likely for a large business or organization to misspell common words, or for the text to be difficult to read.
- Educate yourself and others: Hackers often prey on those who are more vulnerable, or not as aware, so be sure to discuss these types of scams with your family and friends.
Always remember!
When in doubt…
Never click on an unknown image or link. If you are unsure, contact a trusted IT company (like us) to confirm. If you have any questions or concerns about your own online safety, contact our team today to discuss.
Liked this article?
We are adding more useful articles to our blog every week! Join our subscribers to stay up to date on digital security, marketing, and social media trends.
By entering your email, you agree to receive our monthly newsletter. You can unsubscribe at any time!
