TLDR
A new phishing campaign is flooding inboxes with emails carrying SVG (Scalable Vector Graphic) attachments. While SVG is normally a benign image format, browsers render SVG files like HTML, so attackers embed obfuscated JavaScript that...
Como funciona
A new phishing campaign is flooding inboxes with emails carrying SVG (Scalable Vector Graphic) attachments. While SVG is normally a benign image format, browsers render SVG files like HTML, so attackers embed obfuscated JavaScript that...
Señales de alerta
- Unsolicited email with an .svg attachment instead of a normal image or PDF. No visible image content
- opening the file in a text editor reveals script code. Redirect URL uses an unusual TLD (e.g. .cfd ) and embeds the recipient's email address in the path
Qué hacer
- 1Do not open unexpected SVG attachments: forward them to your IT/security team and
Fuente
FAQ
Es Phishing Wave Uses SVG Attachments to Redirect Users to Credential Theft Pages una estafa real?
Si. Trata el mensaje, la llamada o la solicitud de pago como sospechosos hasta que los verifiques por un canal oficial.
Cuales son las primeras senales?
Unsolicited email with an .svg attachment instead of a normal image or PDF. No visible image content; opening the file in a text editor reveals script code. Redirect URL uses an unusual TLD (e.g. .cfd ) and embeds the recipient's email address in the path
Que debo hacer primero?
Do not open unexpected SVG attachments: forward them to your IT/security team and
Puede LegalAudit revisar mi caso?
Si. Abre el chat gratis y pega el mensaje, el enlace, el remitente o los datos de pago para un triage.