Hackers Collecting Pre-Hack data

Hackers collecting Pre-Hack data using Pixel tracking.

Hackers Collecting Pre-Hack data

Marketers and Advisers use a simple trick to track web users and email recipients. It is email marketing. This also been abused by cyber criminals and online spies to collect information on possible targets or to improve the efficiency of phishing attacks, both mass and targeted in scope. Hackers  collecting Pre-Hack data using Pixel tracking.

Donald Meyer of Check Point Software Technologies Ltd said “We’ve seen a lot more use of this tactic recently as a probing or information-gathering tool, by phishers and other cyber criminals”.

Pixel tracking is a decades-old email marketing technique that depends on embedding a one-by-one pixel image, usually transparent or of the same color of the email’s background which prevents users from noticing them in most cases. Tracking pixels or web beacons are downloaded when a user opens an email or visits a website unless the user blocks the loading of images inside his emails which lets the advertiser know a user has opened one of its emails.

With a code as simple as  “<img src=”http://example.com/cgi-bin/program?e=email-address”>”, the marketing tools ping a website whenever someone downloads an image.

Most email programs and web browsers work, tracking pixels, once downloaded, can collect and report information about the user’s email address, operating system, device, software, IP address, hostname, cookie usage settings, usage of webmail and date and time of opening the email. Email marketers can use this data to measure the effectiveness of their campaigns

Sadly, everything which makes tracking pixels great for marketers and advertisers, automaticity and the amount of data captured — makes them great for hackers’ reconnaissance. Using the same trick if a hacker gets hold of all this information, they can misuse it to carry out malicious campaigns.

 Hackers  collecting Pre-Hack data using Pixel tracking.On Monday, Meyer said in a blog post that,” In phishing attacks, tracking pixels can be used to learn which recipients are most likely to open scam emails. Since some scammers retool mass phishing attacks against random users to target high-value enterprise users, scammers are turning to pixel tracking to increase the odds a spear phishing attack will succeed…. Our security researchers have already discovered tracking pixels being used in the wild as a surveillance tool to gather information for use in phishing scams”.

Hackers trying to break into a network have to explore its architecture first to find points of entry and ways to move around the system undetected. An attacker will often send phishing emails to map out the network, locate potential weak points and figure out who in the organization is most likely to open suspicious-looking mail and click on links or attachments.

Those employees using webmail clients, it is possible that the company uses a managed cloud services to handle internal operations.  An attacker that can identify that cloud platform could find it very easy to hone future attacks around vulnerabilities in that platform.

Thankfully, it’s not difficult to protect against this clever threat.

Most Popular Training Courses at Indian Cyber Security Solutions

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Tester Training

Ethical Hacking  training

Python Programming training

CEH V9  training

Diploma in Network Security Training

Secured Coding in Java

Certified Network Penetration Tester 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advance Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 

Leave a Reply

Your email address will not be published. Required fields are marked *



Click one of our representatives below to chat on WhatsApp or send us an email to [email protected]

× Hi How can we help you