Image Phishing Attacks:
How Are They Bypassing Spam Filters?




My sister’s story started with a very enticing email subject and a seemingly irresistible offer. The email appeared to be from Kogan, an online store where she had made a few gadget purchases in the past. The reward promised was a Ninja Air Fryer in exchange for joining the loyalty program.

Emily is an avid shopper who likes to find discounts and freebies where she can, and she just couldn’t pass up the free air fryer. She went ahead and clicked “confirm now”. The link took her to a survey website that looked legitimate, as if it were from Kogan. At the end of the survey, the site asked for her credit card information to cover the shipping costs for the supposedly free item.

After confirming the payment, Emily was redirected to multiple spam and scam websites. Annoying pop-ups bombarded her screen, pushing her to buy more discounted things. At this point, she had a feeling that something was wrong and realized she had fallen for a fraudulent scheme.

She immediately contacted her bank to report what had happened. However, even though she acted quickly, her account had already been charged an additional $100. 

Take a look at the email that Emily received. How many red flags can you spot in this email?

A lot of people receive emails like the one Emily received. You may come across email scams pretending to be from Amazon, Kohl’s, or Dick’s Sporting Goods. If you’re unsure whether an email is a scam, you can hover over the email address to check its legitimacy. If the address consists of a bunch of numbers, doesn’t use the company’s official domain, or has a suspicious domain, it’s probably a scam. 


How are these emails bypassing spam filters?

The email above initially appears to have text, graphics, and buttons, but upon closer inspection, we discovered that the entire email is actually an image.

You might wonder, “What’s the issue with having images in an email? Many businesses include images in their promotional emails.” Image-based phishing scams are more difficult to detect compared to traditional text-based attacks. These scams use images to create emails that often imitate those sent by trusted companies. The images may contain links or information that lead unsuspecting users to websites designed to collect sensitive information, download malware onto their devices, or gain unauthorized access to their accounts.

Other examples of image phishing emails that typically bypass security filters:

Remote Hosting Images

Hackers take advantage of remote hosting on reputable domains, such as Wikipedia, GitHub, or Google, to further evade detection. By hosting images remotely, cybercriminals ensure that the email recipient sees the image while the filter only sees the link. This bypasses reputation scans and prevents analysis of textual content placed on the image. Hackers can cleverly conceal suspicious keywords or language, making it more challenging to identify phishing attempts.

Malicious links can also be embedded in remote content. A seemingly harmless image tag may actually direct users to malicious scripts or other harmful content, compromising their devices and performing unwanted actions on their behalf. By blocking remote content from loading entirely, users can protect themselves from these potential threats.
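A filter-side heuristic for the two patterns described above (a body that is entirely an image, and images loaded from a remote host), as an added example that is not from the original post. The sample message, the `.example` hosts, the `scan_email` name and the 40-character threshold are assumptions chosen for illustration.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser

# Constructed sample: the whole offer is one remote image wrapped in a link.
SAMPLE = """\
Subject: Your free air fryer
Content-Type: text/html; charset="utf-8"

<html><body><a href="https://survey.example/confirm">
<img src="https://images.example/offer.png" alt=""></a></body></html>
"""

class BodyScan(HTMLParser):
    """Collects visible text, image sources, and images wrapped in links."""
    def __init__(self):
        super().__init__()
        self.text, self.images, self.linked_images = [], [], []
        self._href, self._skip = None, 0  # enclosing <a> href; <style>/<script> depth

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self._href = a.get("href")
        elif tag == "img":
            self.images.append(a.get("src") or "")
            if self._href:
                self.linked_images.append((self.images[-1], self._href))
        elif tag in ("style", "script"):
            self._skip += 1

    def handle_endtag(self, tag):
        if tag == "a":
            self._href = None
        elif tag in ("style", "script") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.text.append(data)

def scan_email(raw, min_text_chars=40):
    """Flag bodies that are images with (almost) no text a filter could read."""
    part = message_from_string(raw, policy=default).get_body(preferencelist=("html",))
    scan = BodyScan()
    scan.feed(part.get_content() if part else "")
    visible = " ".join("".join(scan.text).split())
    remote = [s for s in scan.images if s.lower().startswith(("http://", "https://", "//"))]
    return {"image_only": bool(scan.images) and len(visible) < min_text_chars,
            "remote_images": remote, "linked_images": scan.linked_images}
```

A message flagged `image_only` with a non-empty `linked_images` list is a candidate for quarantine or for OCR of the image before delivery; legitimate newsletters normally carry enough readable text to stay under the flag.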

In our next blog, we will show you some tips to avoid image scams and tell you a bit about how Sangu Mail can help.
