Tracking pixels could be the next phishing attack

Beware of images so small that you cannot see them: one could lead to your next phishing attack. These image files, known as tracking pixels and usually in GIF or PNG format, are designed to send a string of code to an outside website so that it can be used as a marketing tool for email and web advertising.

The image is usually only one pixel in size and can be the same color as the background, which disguises it from users and keeps them from knowing that they are being tracked.

The code in the pixel is meant to inform the website when the user downloads the image. It can contain information such as the IP address, OS, web browser type, cookies and other details, warn Check Point researchers.

Check Point researchers further explain that phishers can use tracking pixels to learn about the victims of their scam mails. These attacks can leverage tracking pixels as a surveillance tool.

“For well over a decade, it has been understood that you can utilize tracking pixels in Microsoft Office files like Word documents, Excel spreadsheets and PowerPoint presentations. This works because Office files can link to an image located on a remote Web server. Putting a tracking pixel in an Office document allows you to be able to track a document’s activity as it moves through an organization,” the security firm notes.

Although tracking pixels haven’t yet been found to be the direct cause of a breach, threat actors can use the information about which email recipients are most likely to open email scams to increase the chances of a successful phishing attack.

Enterprises have been advised to deploy email and anti-phishing security controls on their respective cloud environments and to stay patched at all times. Another tip is to look for anomalous image placeholders when downloading images in advertising email, which can also help avoid a breach by way of tracking pixels.
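The tip about anomalous image placeholders can be automated at a mail gateway or in a triage script. The following is an added example, not code from Check Point or from the original article: it scans an HTML email body for remote images that are sized or styled to be invisible. The function name, the heuristics and the sample message are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline CSS that hides an image or shrinks it to 0 or 1 px.
TINY_CSS = re.compile(
    r"(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)|display\s*:\s*none|visibility\s*:\s*hidden", re.I)

class PixelFinder(HTMLParser):
    """Collects remote <img> tags that are sized or styled to be invisible."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "").strip() for k, v in attrs}
        url = urlparse(a.get("src", ""))
        if url.scheme not in ("http", "https"):
            return  # cid: and data: images are embedded, nothing is fetched
        reasons = []
        if a.get("width") in ("0", "1") or a.get("height") in ("0", "1"):
            reasons.append("0/1 px size attribute")
        if TINY_CSS.search(a.get("style", "")):
            reasons.append("hidden or 0/1 px via inline style")
        if reasons and url.query:
            reasons.append("query string can carry a recipient identifier")
        if reasons:
            self.hits.append({"host": url.hostname, "src": a["src"], "reasons": reasons})

def find_tracking_pixels(html):
    finder = PixelFinder()
    finder.feed(html)
    finder.close()
    return finder.hits

# Constructed sample body; hosts and parameters are made up for illustration.
SAMPLE = """<html><body bgcolor="#ffffff">
<img src="cid:logo@newsletter" width="200" height="60">
<img src="https://cdn.example.com/banner.png" width="600" height="120">
<img src="http://track.example.net/o.gif?rid=constructed-1234" width="1" height="1">
<img src="https://metrics.example.org/p.png" style="display:none">
</body></html>"""

if __name__ == "__main__":
    for hit in find_tracking_pixels(SAMPLE):
        print(hit["host"], "->", "; ".join(hit["reasons"]))
```

A hit is a prompt for review rather than proof of phishing, since legitimate newsletters use the same technique; blocking automatic remote image loading in the mail client stops the callback in either case.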

FAQ

Q: What is Phishing?
A: Phishing is a type of attack carried out in order to steal usernames, passwords, credit card information, Social Security Numbers, and other sensitive data by masquerading as a trustworthy entity. Phishing is most often seen on campus in the form of malicious emails pretending to be from credible sources such as UC Berkeley technology departments or financial organizations related to the university.

Q: How can I identify a Phishing scam?
A: The first rule to remember: Never give out any personal information in email. No institution, bank or otherwise, will ever ask for this information via email. It may not always be easy to tell whether an email or website is legitimate, but there are many tools to help find out.

Q: Why is understanding the risk of Phishing important?
A: Phishing attacks are an ongoing threat to campus and are becoming increasingly sophisticated. Successful Phishing attacks can cause financial loss for victims and put their personal information at risk.

Q: How would I know if my CalNet credentials were compromised?
A: You may not always know. Scams and malware that steal passwords are designed to be stealthy and unnoticed.

Passwords are most frequently compromised in one of three ways:
Being tricked into giving up your credentials at a real-looking but scam website (AKA Phishing)
Malware or other compromise of your device which installs software designed to run in the background and steal passphrases
Re-using CalNet credentials for non-UCB websites, and the non-UCB websites are hacked and all credentials exposed

Q: Where can I learn more about avoiding Phishing scams?
A: Federal Trade Commission: Avoiding Scams 101
Federal Bureau of Investigation: Common Fraud Schemes and Prevention Tips