I wanted to bring to your attention a recent security alert regarding a significant increase in the use of Scalable Vector Graphics (SVG) files to obfuscate phishing payloads. According to a report by KnowBe4, there has been a 245% increase in the use of SVG files in phishing emails. These files are being used to bypass traditional email security filters and trick recipients into clicking on malicious links.

Key Points:

• Increase in SVG Usage: SVG files accounted for 6.6% of malicious attachments in phishing emails detected between January 1st and March 5th, 2025.
• Technical Advantages: SVG files offer technical advantages to cybercriminals, such as evading traditional email security filters.
• Phishing Campaigns: Two major phishing campaigns contributed to this increase, using advanced obfuscation techniques.

Action Required:

• Be Vigilant: Please be extra cautious when opening emails, especially those with SVG attachments.
• Report Suspicious Emails: If you receive any suspicious emails, report them immediately to the ACORD Help Desk.
• Stay Informed: Keep yourself updated on the latest phishing techniques and security measures.

You can find more details in the following article: 245% Increase in SVG Files Used to Obfuscate Phishing Payloads.