Hackers are using pictures to trick you into clicking on phishing links — Don’t fall for this

An email inbox displayed on the screen of a laptop, next to a cup of coffee.
(Image credit: one photo/Shutterstock)

In order for their attacks to be successful, hackers need to constantly come up with new ways to bypass the best antivirus software and other security solutions.

This is especially true with phishing attacks, which often rely on getting unsuspecting users to click on suspicious links in emails and other messages. However, new research from the cybersecurity firm Check Point has revealed a new technique used by hackers that’s currently making the rounds online.

As reported by our sister site TechRadar, instead of trying to write out convincing phishing emails, hackers have taken to using images to do the heavy lifting instead. While phishing messages can be easy to spot due to poor spelling, bad grammar and other red flags, hackers are now using large, promotional images in their attacks to avoid detection.

Just like when you get a promotional email from Best Buy, Amazon or other large retailers, these phishing emails feature a large image instead of any text. However, when you click on one of these images, you’re taken to a phishing site designed to steal your passwords and other sensitive information.

Even pictures can be dangerous in suspicious emails

These suspicious emails wouldn’t be phishing messages without a good lure to draw people in and this time, the hackers behind this campaign are using gift cards and loyalty programs to get unsuspecting users to click. However, they’re also impersonating brands like Kohl’s and Delta.

An example of phishing email impersonating Kohl's

(Image credit: Check Point / Tom's Guide)

In the examples shared by Check Point, hackers are using a free loyalty program from Kohl’s as well as a gift card from Delta as their lures. The images in both of these emails contain a link that takes anyone who clicks on them to a credential harvesting page designed to steal their usernames and passwords.

Hiding their malicious links inside pictures also allows the hackers behind this campaign to bypass URL filters which are used by Gmail, Outlook and other email services to protect their users from these kinds of scams.

How to stay safe from phishing emails

Fish hook on a keyboard

(Image credit: Shutterstock)

When it comes to protecting yourself from phishing attempts like the ones described above, you want to carefully inspect any email that ends up in your inbox.

For starters, you want to look at the sender’s address and see if it looks like a legitimate one. Keep in mind that you can always reach out to a company to see if any email address actually belongs to them if you’re not entirely sure it’s a fake.

From here, you want to avoid clicking on any links or downloading any attachments a suspicious email may contain. For the links, you can take your mouse cursor and hover over them to reveal where they take you. If you happen to see a shortened link or one that doesn’t match a company’s website, you want to avoid clicking on it at all costs.

Finally, the other important thing you want to keep in mind while checking your email is that both hackers and scammers try to instill a sense of urgency to trick you into clicking on links or responding to their phishing emails. By not letting your emotions get the best of you and by keeping a cool head, you can avoid falling to many of the most common tricks used by hackers.

Now that the hackers behind this campaign have seen some success using images instead of text in their phishing messages, expect copycats to follow suit and use this technique in their own attacks. As such, this will be something you want to continue to look out for when checking your email.

More from Tom's Guide

TOPICS
Anthony Spadafora
Managing Editor Security and Home Office

Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.