Loading remotely hosted images rather than embedding them directly into emails is one of the newest tricks employed by phishers to bypass email filters.
Phishers are always finding new ways to trick defenses
Phishing emails – especially when impersonating popular brands – contain widely known brand logos and other images to give the illusion of having been sent by legitimate organizations.
Images have also been used for ages as a way to bypass an email’s textual content analysis but, as security technologies became better at extracting and analyzing content from images, phishers began trying out several tricks to make the process harder and more time-consuming for security scanners.
“Unlike embedded images, which may be analyzed in real time by email filters, remote images are hosted online and thus have to be fetched before being analyzed,” Vade Secure researchers explained.
To delay the fetching, phishers are employing multiple redirections and cloaking techniques, and are hosting the images on high-reputation domains.
“The use of JavaScript is also common, so that it’s necessary for security vendors to use state-of-the-art web crawlers that are costlier and harder to scale. Cloaking techniques can also be used to make sure that it’s the intended victim that’s fetching the image and not a security vendor. For example, a phishing campaign targeting customers of a Canadian bank may only deliver the malicious content to web connections originating from Canada. Additionally, hosting remote images on high-reputation websites renders domain reputation-based detection ineffective,” they noted.
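The embedded-versus-remote distinction described above can be checked at triage time. The following is an added example, not code from Vade Secure or from the original article: it parses a message, separates image references that travel with the email (cid: and data: sources) from those that must be fetched, and flags image-heavy bodies with remote images. The sample message, the function name triage and the min_text threshold are assumptions made for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not from a real campaign).
SAMPLE = """\
From: billing@example.test
Subject: Account notice
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><img src="cid:logo@example.test">
<a href="https://login.example.test/"><img src="https://cdn.example.test/r?id=1"></a>
<p>Click above</p></body></html>
"""

class ImgCollector(HTMLParser):
    """Collect <img> src values and count visible text characters."""
    def __init__(self):
        super().__init__()
        self.sources, self.text_len = [], 0

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "img" and src:
            self.sources.append(src.strip())

    def handle_data(self, data):
        self.text_len += len(data.strip())

def triage(raw_email, min_text=40):
    """Split image references into embedded vs remote; min_text is an assumed threshold."""
    msg = message_from_string(raw_email, policy=policy.default)
    collector = ImgCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_content())
    remote, embedded = [], []
    for src in collector.sources:
        scheme = urlparse(src).scheme.lower()
        if scheme in ("http", "https") or src.startswith("//"):
            remote.append(src)      # must be fetched before it can be analyzed
        elif scheme in ("cid", "data"):
            embedded.append(src)    # travels with the message, scannable in place
    hosts = sorted({urlparse(u).hostname for u in remote if urlparse(u).hostname})
    # Image-heavy body with little text: the verdict depends on the remote fetch.
    return {"remote": remote, "embedded": embedded, "remote_hosts": hosts,
            "needs_fetch": bool(remote) and collector.text_len < min_text}
```

A high-reputation entry in remote_hosts is not evidence that the image is benign, which is the point the researchers make about reputation-based detection.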
At the moment, this new approach to delivering images in phishing emails is quite popular and clearly rather successful, but as email security vendors find ways to counter these tricks, cyber criminals will need to change tack once again, and so the race continues.