Have you recently received an email notification or marketing email that includes image file attachments? These attachments may be JPGs but are most often PNG files. Proceed with caution and avoid opening or viewing image files from unknown and trusted senders. Many people falsely believe that image files are always safe. These people say to themselves, “What could possibly happen by looking at a picture?” This kind of thinking is misinformed and terribly wrong; there is significant risk in viewing image files. Unfortunately, pictures or image files are used by hackers to covertly transmit malware to innocent people’s computers. Hackers do this by embedding malicious scripts or code within the image data that makes up PNG files. While malicious PNG files are a less common cyberattack method, they are becoming increasingly common.
When a user opens a PNG file, its image displays inside a program called an image viewer. These image viewer programs can have software vulnerabilities that hackers exploit to attack your computer. When an unsuspecting individual clicks on a malicious PNG file attachment to open or preview the image, harmful code hidden within the image executes and takes advantage of the image viewer vulnerabilities. The malicious code launches or downloads malware, spyware, or ransomware that compromises the recipient’s device. Other programs on a computer or device can also have vulnerabilities that malicious PNG files exploit. In addition to hiding malicious code and instructions, PNG files can redirect recipients to fake websites that steal their personal data or credentials. This is a sophisticated cyberattack that many antivirus programs are unable to detect and block.
To play it safe, never open unsolicited attachments, including image files like GIF, JPG and PNG files. Simply delete the emails and do not ever display the images in preview mode. Always be wary of unexpected files, even from trusted senders. Seemingly harmless email attachments like images can be dangerous bundles of code that bypass your computer security software and antivirus program.
What else can you do to protect yourself?
- Verify Files Before Opening: If you receive an unexpected email with attachments from a friend or family member, call or text them to verify that they sent the email. Do not reply to the email to confirm that the email is safe. You must use a safe mode of communication to confirm authenticity.
  Hackers are notorious for breaking into a victim’s email account and then sending malicious emails to the victim’s contact list. Hackers know that people automatically trust emails sent by a known person and rarely treat such emails with suspicion. You must always verify the legitimacy of emails that include attachments. Do not open or preview file attachments, especially if it is not the norm for this person to send images.
- Maintain Antivirus & Software Updates: Purchase and install antivirus software on your devices, then keep it active and up to date. Also install operating system updates and other software updates immediately when the vendor releases them.
- Secure Email Settings: Adjust your email program so that images are not automatically downloaded. Search online for instructions on how to disable automatic image downloads for Outlook, Gmail and other email programs. You can also configure your web browser so that it does not automatically open downloaded images.
- Report Cyberattacks: Report suspicious emails to your email provider by clicking on the “Report Phishing” option in your email program. You can also report malicious email cyberattacks to the FBI’s Internet Crime Complaint Center (IC3) at ic3.gov.
