Summary: Sophos has discovered a new phishing technique using Scalable Vector Graphics (SVG) files that evade traditional anti-phishing protections to harvest user credentials. These SVG files, which appear harmless as they contain simple graphics, include malicious links that open in a web browser upon being clicked. Attackers are increasingly sophisticated in their methods, using social engineering tactics and well-known brand impersonations to deceive victims.
Affected: Organizations using email communication systems (e.g., DocuSign, Microsoft SharePoint, Dropbox, Google Voice, RingCentral)
Keypoints :
- Sophos identifies SVG files as a new vector for phishing attacks, including links to credential theft sites.
- Attacks feature social engineering tactics, impersonating trusted brands to increase credibility.
- Phishing techniques have advanced to include CAPTCHA gates, credential pre-filling, live templates, and JavaScript auto-redirects.
Source: https://securityonline.info/sophos-uncovers-rising-threat-of-svg-based-phishing-attacks/