Before you sign a digital document in your email, read this
January 20, 2023
By Kim Komando
Be careful: That SVG file you just downloaded may be harboring a dangerous secret.
Cybercriminals are sending out emails masquerading as DocuSign notifications. Click and they may be able to steal your data using this new spin on one of the most commonly spoofed types of messages.
If you’ve ever tried to open an SVG file, you already know they’re not exactly like PNGs or JPGs. Here’s why you should exercise caution if you receive an email with HTML attachments that include them.
What is the Blank Image attack?
The fraudulent emails in question purport that you’ve got a DocuSign document to sign. In this case, it’s the enigmatically-named “Scanned Remittance Advice.htm.” Scammers use SVG vector images embedded in HTML attachments to bypass the security measures most email inboxes have enabled automatically. Tricky.
While the body of the message itself appears to be relatively harmless, opening the HTML attachment unleashes its nefarious payload onto your device. Instead of the XML data an ordinary SVG would contain, this file holds the attack’s script.
It’s almost impossible for most people to predict whether or not this hidden script exists within any attachment capable of hiding malicious code. So, what can you do?
Your best bet is to delete any DocuSign email that you’re not expecting. Never open HTML attachments that appear to be suspicious or unexpected.
If you’re an avid DocuSign user, ensure that you’re positive that any new documents to sign are legitimate. The same habit should apply to any other brand, of course. If you know you’ve got nothing new to sign, you know something “phishy” may be happening.
How to avoid becoming a victim
DocuSign isn’t the only legitimate brand being used to attack customers. In fact, something similar just happened with Zoom. Follow these simple tips to keep trouble at bay and your data secure:
- Never open attachments from strangers or spam emails.
- Always verify that an “official” email is being sent from the real company. Misspelled email addresses and domains, weird styling in the body of the email and fishy-sounding offers are all suspect.
- Use antivirus software to protect you from snoops and crooks automatically. Kim’s pick is TotalAV.
You can never be too safe online. Here are three dumb mistakes that you don’t realize are putting you at risk.
https://www.komando.com/news/blank-image-attack/