Kingston Police warn residents of blank image phishing scam


Local police in Kingston are warning the public of a prevalent email scam. Explaining the phishing scam, police say, most email providers have security filters that check emails for malicious links or attachments. However, though someone may feel like they can rely on these filters, cybercriminals can take advantage of this trust by using blank image phishing to bypass security filters.

Kingston Police continue to explain that the scam starts with a fake email that appears to be from DocuSign. The email asks the received to review and sign a document as soon as possible and contains an HTML attachment. Instead of an important document, the attachment is a blank SVG with malicious code. Because this code is hidden inside the attachment, the email can bypass security filters. If the person who recieved the email then downloads the attachment, the code will redirect them to a malicious website that will prompt them to enter sensitive information. If this information is entered, cybercriminals can use it for their own purposes.

Police give some helpful tips to stay safe from similar scams:

- Always think before you download an attachment
- Never click a link or download an attachment in an email that you aren't expecting
- Enable multi-factor authentication (MFA) on your accounts when it is available

With files by CFRA's Connor Ray