Hackers turn to pixel trackers to conduct surveillance

Hackers are using pixel tracking to gather data on phishing victims, security researchers have discovered.

Criminals are using the technology, used by marketers to analyse email and web campaigns, to gather data on a potential victim, such as IP addresses, hostnames, operating systems, browser types, dates the image was viewed, use of cookies, and other information, according to IT security firm Check Point.

To stop users from realising they are being tracked, the images are usually only one pixel in size, hence the name 'tracking pixel'. As well as being tiny, these pixels can be set to the same colour as the background of an email or web page to avoid drawing attention.

In a blog post, Donald Meyer, head of marketing, data centre and cloud security at Check Point, said that in phishing attacks, tracking pixels can be used to learn which recipients are most likely to open scam emails.

“Since some scammers retool mass phishing attacks against random users to target high-value enterprise users, scammers are turning to pixel tracking to increase the odds a spear phishing attack will succeed,” he said.

“Our security researchers have already discovered tracking pixels being used in the wild as a surveillance tool to gather information for use in phishing scams."

The company has detected such pixel usage in a phishing campaign carried out last August. The pixels can not only be used in emails, but also Office documents.

“Putting a tracking pixel in an Office document allows you to be able to track a document’s activity as it moves through an organisation,” said Meyer.

Meyer added that at present tracking pixels have not been found to be the direct cause of any specific security breaches.

“Rather, their surveillance capabilities are enablers for subsequent attacks against users and infrastructure,” he added.