This is a newly discovered email vulnerability:

The email your manager received and forwarded to you was something completely innocent, such as a potential customer asking a few questions. All that email was supposed to achieve was being forwarded to you. However, the moment the email appeared in your inbox, it changed. The innocent pretext disappeared and the real phishing email became visible. A phishing email you had to trust because you knew the sender and they even confirmed that they had forwarded it to you.

This attack is possible because most email clients allow CSS to be used to style HTML emails. When an email is forwarded, the position of the original email in the DOM usually changes, allowing for CSS rules to be selectively applied only when an email has been forwarded.

An attacker can use this to include elements in the email that appear or disappear depending on the context in which the email is viewed. Because they are usually invisible, only appear in certain circumstances, and can be used for all sorts of mischief, I’ll refer to these elements as kobold letters, after the elusive sprites of mythology.

I can certainly imagine the possibilities.

Leave a Reply

Your email address will not be published. Required fields are marked *

Explore More

ICO Probes Kate Middleton Medical Record Breach

March 21, 2024 0 Comments 0 tags

The ICO said it is assessing the reported breach of Kate Middleton’s medical records at The London Clinic

Crickets from Chirp Systems in Smart Lock Key Leak

April 15, 2024 0 Comments 0 tags

The U.S. government is warning that “smart locks” securing entry to an estimated 50,000 dwellings nationwide contain hard-coded credentials that can be used to remotely open any of the locks.

CISA Releases One Industrial Control Systems Advisory

April 9, 2024 0 Comments 0 tags

CISA released one Industrial Control Systems (ICS) advisory on April 9, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-100-01 SUBNET PowerSYSTEM Server