Hackers are using pictures to trick you into clicking on phishing links — Don’t fall for this

An email inbox displayed on the screen of a laptop, next to a cup of coffee.
(Image credit: one photo/Shutterstock)

In order for their attacks to be successful, hackers need to constantly come up with new ways to bypass the best antivirus software and other security solutions.

This is especially true with phishing attacks, which often rely on getting unsuspecting users to click on suspicious links in emails and other messages. However, new research from the cybersecurity firm Check Point has revealed a new technique used by hackers that’s currently making the rounds online.

As reported by our sister site TechRadar, instead of trying to write out convincing phishing emails, hackers have taken to using images to do the heavy lifting instead. While phishing messages can be easy to spot due to poor spelling, bad grammar and other red flags, hackers are now using large, promotional images in their attacks to avoid detection.

Just like when you get a promotional email from Best Buy, Amazon or other large retailers, these phishing emails feature a large image instead of any text. However, when you click on one of these images, you’re taken to a phishing site designed to steal your passwords and other sensitive information.

Even pictures can be dangerous in suspicious emails

These suspicious emails wouldn’t be phishing messages without a good lure to draw people in and this time, the hackers behind this campaign are using gift cards and loyalty programs to get unsuspecting users to click. However, they’re also impersonating brands like Kohl’s and Delta.

An example of phishing email impersonating Kohl's

(Image credit: Check Point / Tom's Guide)

In the examples shared by Check Point, hackers are using a free loyalty program from Kohl’s as well as a gift card from Delta as their lures. The images in both of these emails contain a link that takes anyone who clicks on them to a credential harvesting page designed to steal their usernames and passwords.

Hiding their malicious links inside pictures also allows the hackers behind this campaign to bypass URL filters which are used by Gmail, Outlook and other email services to protect their users from these kinds of scams.

How to stay safe from phishing emails

Fish hook on a keyboard

(Image credit: Shutterstock)

When it comes to protecting yourself from phishing attempts like the ones described above, you want to carefully inspect any email that ends up in your inbox.

For starters, you want to look at the sender’s address and see if it looks like a legitimate one. Keep in mind that you can always reach out to a company to see if any email address actually belongs to them if you’re not entirely sure it’s a fake.

From here, you want to avoid clicking on any links or downloading any attachments a suspicious email may contain. For the links, you can take your mouse cursor and hover over them to reveal where they take you. If you happen to see a shortened link or one that doesn’t match a company’s website, you want to avoid clicking on it at all costs.

Finally, the other important thing you want to keep in mind while checking your email is that both hackers and scammers try to instill a sense of urgency to trick you into clicking on links or responding to their phishing emails. By not letting your emotions get the best of you and by keeping a cool head, you can avoid falling to many of the most common tricks used by hackers.

Now that the hackers behind this campaign have seen some success using images instead of text in their phishing messages, expect copycats to follow suit and use this technique in their own attacks. As such, this will be something you want to continue to look out for when checking your email.

More from Tom's Guide

Anthony Spadafora
Managing Editor Security and Home Office

Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Read more
A person typing on a computer while hackers use phishing to steal a file from their computer
Phishing: What is it, and how to avoid it
A hacker typing quickly on a keyboard
Hackers can steal your accounts, and all it takes is a double-click — don’t fall for this new form of clickjacking
An email icon open on a laptop screen
New Google Calendar notification attack could be hiding in your inbox — here's how to protect yourself
iPhone 15 Pro Max shown in hand
iMessage under attack from scammers sending phishing messages — don’t fall for it
A hacker typing quickly on a keyboard
Hackers are posing as Apple and Google to infect Macs with malware — don’t fall for these fake browser updates
PayPal logo on iPhone
Watch out! Scammers are using this PayPal setting to take over your PC
Latest in Online Security
A woman using her laptop securely with a cup of coffee in hand
5 common mistakes people make when shopping for antivirus software
Windows
240 million Windows 10 users are vulnerable to six different hacker exploits — protect yourself now
Victims of Identity Theft
FTC says Americans lost $12 billion to scams last year and these were the worst ones — here's how to stay safe
Apple iPhone 16 Plus Review.
Apple just released an emergency security update for a flaw used in an ‘extremely sophisticated attack’ — update your devices right now
A person trying to set up a new Wi-Fi router
Thousands of TP-Link routers have been infected by a botnet to spread malware
An image of a CAPTCHA
Hackers are using reCAPTCHA to trick users into infecting their own PCs with malware — how to stay safe
Latest in News
NYTimes Connections
NYT Connections today hints and answers — Monday, March 17 (#645)
iPhone 17 Air render
New leaked iPhone 17 dummy units show off super-thin iPhone 17 Air with this surprising design tweak
Simone Ashley and Hero Fiennes Tiffin in "Picture This" now streaming on Prime Video
Prime Video top 10 has 3 must-watch movies — including a bubbly romcom starring 'Bridgerton's' Simone Ashley
(L-R) Josh Hartnett as Cooper and Ariel Donoghue as Riley in "Trap"
Netflix top 10 movies — here’s the 3 worth watching right now
NYT Strands on a cellphone
NYT Strands today — hints, spangram and answers for game #379 (Monday, March 17 2025)
iOS 19 logo on an iPhone
Apple WWDC 2025: iOS 19 and everything we know so far