A strange new phishing scam is using empty images to trick users – and you may not even realize it, experts say.

A format that researchers at an email security company avanan (opens in a new tab) Described as a “blank image”, it consists of cybercriminals embedded in HTML attachments of empty Base64-encoded .svg files, allowing them to evade URL redirection detection.