Security News Email Marketing Trick Incorporated in Hacking Arsenals

Exterminator

Level 85
Thread author
Verified
Top Poster
Well-known
Oct 23, 2012
12,527
Pixel tracking, a technique often used by email marketing platforms, has made its way into the arsenal of hacking tricks used by threat actors to probe and map a company's internal network.

The technique of "pixel tracking" refers to embedding a 1x1 pixel at the end of emails hosted on the sender's server. As email recipients open the email or forward it to colleagues, the email client loads the image, making a request to the sender's server, who logs the data and uses it for email marketing analytics.

The technique is very efficient because some email clients, especially Web clients, will automatically load images when opening an email.

Most desktop email applications block this operation, but users will allow the images to load, thinking there's a bigger photo somewhere in the email they'll need to view.

Pixel tracking used for network mapping
Hackers have discovered that they can also implement pixel tracking in emails they send to a target they want to compromise, or with phishing emails if they want to determine their efficiency.

While the latter use scenario makes sense, since writing phishing emails is an art in itself and a lot of fine-tuning is needed, pixel tracking can be more deadly when used to map internal networks.
An attacker could craft an email and send it to the company's generic contact email address, asking its recipient to kindly forward it to the IT department, the financial department, and so on.

As the email reaches the proper person, the hacker records details about the PCs and IPs of each department, creating a map of computers most likely to hold sensitive information.

Pixel tracking is more useful than you think
In a subsequent breach, the hacker would know exactly what to target, and avoid wasting time sitting idly on the compromised network and watching traffic to detect packet flows, network structure, and the appropriate computer holding desired data. The less time an attacker spends in a victim's network, the fewer the chances of getting caught.

"Simple pixel tracking may not cause a direct breach, but should raise suspicion as it may mean that someone is trying to find out more information about your network," Neta Oren, security analyst for Check Point explains.

"To stay protected, simply turn off automatic image loading in your email preferences. There are also web extensions you can install that will warn you if your pixels are being tracked or will block them all together."

Two such extensions are the UglyEmail and PixelBlock Chrome extensions for Gmail. Outlook and Thunderbird protect desktop users from automatically opening images via their default configuration.

Below is a phishing email that contains a pixel tracker, received by one of Check Point's customers.
 

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
Thanks this is worrying.
I think ProtonMail has this addressed, and as far as I know the only Email provider that cares enough
to protect it's users from tricks like this.
Good share Exterminator, Thanks
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top