Ask Jack: Can An Image Deliver Malware?

I heard that images could contain malware - is that true?

 

Yes, it is true. In fact, there is a recent report that malware is circulating that uses images from the James Webb telescope. The images are popular online, making them a lure used by cybercriminals. 

In this particular scheme, an email goes out with an alert declaring a new image is available to see. When targets select the attachment, they unknowingly download malware that can spy on their usage remotely. https://oicanadian.com/malware-hidden-in-photos-of-james-webb/

The takeaway is that cybercriminals use whatever is in front of society to deliver malware. During the pandemic, it was phishing campaigns about the pandemic and vaccines. Now, online criminals have adapted to something different - a popular space telescope and its images.

No matter the subject matter of an email, it is important not to select any attachment or link. If you want to view images from a third party, don't wait for them to come to your in-box, but research and find them from a trusted source…not the easy source.  

 

Jack McCalmon, Leslie Zieren, and Emily Brodzinski are attorneys with more than 50 years combined experience assisting employers in lowering their risk, including answering questions, like the one above, through the McCalmon Group's Best Practices Help Line. The Best Practice Help Line is a service of The McCalmon Group, Inc. Your organization may have access to The Best Practice Help Line or a similar service from another provider at no cost to you or at a discount. For questions about The Best Practice Help Line or what similar services are available to you via this Platform, call 888.712.7667.

If you have a question that you would like Jack McCalmon, Leslie Zieren, or Emily Brodzinski to consider for this column, please submit it to ask@mccalmon.com. Please note that The McCalmon Group cannot guarantee that your question will be answered. Answers are based on generally accepted risk management best practices. They are not, and should not be considered, legal advice. If you need an answer immediately or desire legal advice, please call your local legal counsel.

 

 

Finally, your opinion is important to us. Please complete the opinion survey:

News

Ask Jack: Is Malvertising Really A Threat To Organizational Data?

Malvertising is making a comeback, and the FBI is concerned that organizations may fall for it. Jack explains the risk and provides information from the FBI on methodology and prevention. Read More

Ask Jack: What Is The Most Important Step For Protecting Data In 2023?

A 2022 study points out the culprit in the vast majority of successful cyberattacks. Jack explains why following the data can help organizations lower their cyber risk in 2023. Read More

Ask Jack: Is TikTok A Threat To Employers?

TikTok has long been under scrutiny. Jack McCalmon shares insight on why employers should take the reports seriously. Read More