Phishers count on remotely hosted images to bypass email filters

Help Net Security

Zeljka Zorz

Loading remotely hosted images instead of embeedding them directly into emails is one of the latest tricks employed by phishers to bypass email filters.

Phishers are always finding new ways trick defenses
Phishing emails – especially when impersonating popular brands – contain widely known brand logos and other images to give the illusion of having been sent by legitimate organizations.

Images have also been used for ages as a way to circumvent an email’s textual content analysis but, as security technologies became more adept at extracting and analyzing content from images, phishers began trying out several tricks to make the process more difficult and time-consuming for security scanners.

“Unlike embedded images, which can be analyzed in real time by email filters, remote images are hosted on the web and thus need to be fetched before being analyzed,” Vade Secure researchers explained.

To delay the fetching, phishers are employing...

Get the Morning Update

Thanks for subscribing!