Loading remotely hosted images instead of embeedding them directly into emails is one of the latest tricks employed by phishers to bypass email filters.
Phishers are always finding new ways trick defenses
Phishing emails – especially when impersonating popular brands – contain widely known brand logos and other images to give the illusion of having been sent by legitimate organizations.
Images have also been used for ages as a way to circumvent an email’s textual content analysis but, as security technologies became more adept at extracting and analyzing content from images, phishers began trying out several tricks to make the process more difficult and time-consuming for security scanners.
“Unlike embedded images, which can be analyzed in real time by email filters, remote images are hosted on the web and thus need to be fetched before being analyzed,” Vade Secure researchers explained.
To delay the fetching, phishers are employing multiple redirections, cloaking techniques, and are hosting the images on high-reputation domains.
At the moment, this new approach to delivering images in phishing emails is quite popular and obviously rather successful, but as email security vendors find ways to counter these tricks, cyber criminals will have to change tack once more – and so the arms race continues.