Skip to content

Hackers are using images to spread malicious links

  • by
  • 2 min read

Getting phishing or malicious links into an email and making it reach the recipient’s inbox has become quite a challenge these days. However, researchers at Check Point Harmony Email discovered that hackers are using images to send malicious links to unsuspecting victims. 

Instead of typing out long emails to get the victim to click on a malicious link, the attackers generate a promotional image instead. The images generally invite the user to click on themselves, claiming that they’ve won a prize or are invited to a competition and hyperlink the malicious link to the image itself. 

The scam is obvious to the keen-eyed, as a simple hover of the mouse over the image will reveal the malicious hyperlink, which more often than not bears no resemblance to the actual brands mentioned in these images. Once a user has landed on any of these phishing pages, they can end up giving away sensitive information like login credentials or personally identifiable data that can later be used in identity theft attacks. 

What is phishing? Types of phishing scams and how to protect yourself?

However, as obvious as it might seem, the research indicates that the scam is working. Since no link is mentioned in the email body, these emails can bypass security filters. Additionally, users are also clicking on these images and falling for the scam instead of recognising it and deleting the email. 

That’s not to say that you can’t protect yourself or people you know from such attacks. While a good look at the URL of the page hyperlinked to the poster (and the actual poster itself) will reveal the scam for you, IT admins can implement security measures that scan all links mentioned in an email to root out any sneaky hyperlinks. URL protection and even AI-based anti-phishing software can also help keep the threat at bay. 

In the News: EU asks Google and Facebook to label AI-generated content

Yadullah Abidi

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: