Image-Based Phishing

Images may be used by cyber attackers to perform a phishing attack just like a malicious link or an infected attachment. Clicking an image or graphic included in an email may execute malware, initiate a malicious download, or send you to a website intended to steal your credentials or financial information. 

In some image-based phishing attacks, the attacker composes the message, turns the content into an image and sends the image to unsuspecting recipients. Recipients don’t realize they are viewing an image of text. Since there are no visible links to click, the recipient doesn’t feel the threat of a malicious URL. Not realizing they are viewing a screenshot of text, they may click the image which could contain embedded malicious links, fake login pages, or other fraudulent content.

Watch for the traditional phishing red flags (e.g. unexpected message, too good to be true, sense of urgency, spelling errors, message inconsistencies).

Report questionable emails using the PhishAlarm button in Outlook.