Email-based attacks remain at the forefront of the cybersecurity threat landscape, ever-evolving to circumvent defenses and trick unsuspecting users. In this presentation, we will discuss the nuances of the latest trending social engineering techniques including QR codes, image-as-content attacks, HTML Smuggling SVGs, and more. We will examine several real-world examples, discuss attacker objectives, and explore the tactics used to make them appear legitimate. Additionally, we will discuss methods of detection and prevention by analyzing signals unique to these attacks.

The pervasiveness of QR codes in daily life, combined with the ease of generating them, presents unique security challenges. Their quick-scan nature means users often trust and act on them without the scrutiny given to URLs. Moreover, most traditional email security systems are geared towards analyzing text-based content, making QR-encoded URLs slip through undetected.

In parallel, attackers are leveraging images to embed the text of their attacks. Since many email security scanners rely on analyzing suspicious text and URLs embedded directly in the body of messages, attackers are often able to bypass traditional detection.

Attendees will come away from this talk with a better understanding of the latest email threats and the methods they can use to protect themselves and their organizations against them.