Before you sign a digital document in your email, read this

Be careful: That SVG file you just downloaded may be harboring a dangerous secret.

Cybercriminals are sending out emails masquerading as DocuSign notifications. Click and they may be able to steal your data using this new spin on one of the most commonly spoofed types of messages.

If you’ve ever tried to open an SVG file, you already know they’re not exactly like PNGs or JPGs. Here’s why you should exercise caution if you receive an email with HTML attachments that include them.

What is the Blank Image attack?

The fraudulent emails in question purport that you’ve got a DocuSign document to sign. In this case, it’s the enigmatically-named “Scanned Remittance Advice.htm.” Scammers use SVG vector images embedded in HTML attachments to bypass the security measures most email inboxes have enabled automatically. Tricky.

While the body of the message itself appears to be relatively harmless, opening the HTML attachment unleashes its nefarious payload onto your device. Instead of the XML data an ordinary SVG would contain, this file holds the attack’s script.

It’s almost impossible for most people to predict whether or not this hidden script exists within any attachment capable of hiding malicious code. So, what can you do?

Your best bet is to delete any DocuSign email that you’re not expecting. Never open HTML attachments that appear to be suspicious or unexpected.

If you’re an avid DocuSign user, ensure that you’re positive that any new documents to sign are legitimate. The same habit should apply to any other brand, of course. If you know you’ve got nothing new to sign, you know something “phishy” may be happening.

How to avoid becoming a victim

DocuSign isn’t the only legitimate brand being used to attack customers. In fact, something similar just happened with Zoom. Follow these simple tips to keep trouble at bay and your data secure:

  • Never open attachments from strangers or spam emails.
  • Always verify that an “official” email is being sent from the real company. Misspelled email addresses and domains, weird styling in the body of the email and fishy-sounding offers are all suspect.
  •  Use antivirus software to protect you from snoops and crooks automatically. Kim’s pick is TotalAV.

Continue reading

True or false: That email you got from the Social Security Administration is a phishing scam

We all know the risks that come with surfing the internet. Spoofed websites, malicious links and malware are more prevalent than ever. That’s why many people are cautious when handling suspicious correspondence.

After all, more than 80% of emails sent daily are spam. To drive more awareness about spam emails, various government departments often urge users not to open any messages that supposedly come from them.

Continue reading

Cybercriminals and spies targeting routers: Hackers’ new side hustle is charging Chinese and Russian spies and scammers for access to old routers so they can launch denial-of-service (DoS) attacks or send scammy spam emails. If your device is more than three years old, it’s time to upgrade.

Blackmail warning: Hackers are sending X-rated emails

Scammers know all the tricks to catch potential victims in their data-stealing traps. Hidden malware, fake advertising, or bogus phishing apps are all part of a cybercriminal’s technological arsenal. But there is one aspect that scammers frequently target: the human mind.

Continue reading

Inbox full of junk? 5 simple ways to stop spam for good

Go to your email inbox and click on your spam folder. See those rows and rows of quarantined emails? Imagine them filling up your main inbox instead. Spam is a real issue for anyone with an email account.

While built-in spam filters for Gmail or other email clients can help temper the issue, they can’t do all of the heavy lifting. Spam emails can still slip through, not only wreaking havoc on your tidy inbox but also sometimes bringing phishing schemes or malware along with them. Tap or click here for a recent example.

Continue reading

Windows alert: Fake Office updates trick you into downloading malware

It’s rare for malware threats to stay the same. In fact, the more time that passes without addressing a threat, the more dangerous it becomes. That’s why early detection, patches and education are critical to protecting people from cyberattacks.

Continue reading

Take control of your inbox and clean up those annoying spam emails

There are two kinds of people: Those who keep their inbox at zero and those floating around 14,503. All right, some live in the space in between, but the point is if you don’t keep careful control of your emails, your inbox can become unmanageable before you know it.

Continue reading

Microsoft warns of massive phishing campaign targeting PCs

Have you been busy during quarantine? If not, don’t worry — most of us haven’t been. But that statement doesn’t apply to hackers and cybercriminals, who’ve spent the COVID-19 pandemic refining their technique and creating phishing websites to steal people’s data.

Continue reading

Smart home camera data exposed: 2.4 million records leaked

In an age where data is treated as a commodity to be bought and sold, there’s bound to be incidents where bad people go after it to line their own pockets. That’s why data leaks are no laughing matter, and in the last year, the number of major leaks has been steadily on the rise.

Continue reading