We've all received emails with no attachment and assume it's "safe" to open in a mail client (as long as we don't explicitly click on any URLs). Right?

Not so much...
Let's talk about email tracking pixels for a minute and how sales/marketing (as well as real threat actor's) can use them to evaluate the success of an email marketing (or phishing) campaign...or for information gathering before sending a follow-up payload.

#DFIR #APT32
Let's start with the basics of tracking pixels.

I'm not attending @RSAConference - but I get marketing emails like this one. If you use the Outlook client - have you ever noticed the "to help protect your privacy; Outlook prevented automatic download of some pictures."?
The email has a number of image attachments - one of which is called a tracking pixel. Here's what it looks like when the images haven't been downloaded.
If you take a look at the raw email message you'll notice multiple URLs including ones from well known social media companies and a lesser known one called yesware
Let's take a look at spacer.gif. According to Chrome developer tools - it's a 1 pixel by 1 pixel, white image and also saves a cookie called "t" that expires in 10 years.
Let's take a look at spacer.gif. According to Chrome developer tools - it's a 1 pixel by 1 pixel, white image and also saves a cookie called "t" that expires in 10 years.
Let's take a look at spacer.gif. According to Chrome developer tools - it's a 1 pixel by 1 pixel, white image and also saves a cookie called "t" that expires in 10 years.
In my limited testing I've found that each mail client chooses to handle these tracking pixels differently.

Outlook thick client (blocked by default)
Office365 in a web browser (pixel autoloaded)
iPhone mail client (pixel autoloaded)
Android mail client (pixel autoloaded)
If you open an email in a mail client that autoloads a tracking pixel - you divulge your IP address, OS version and mail client version and the date/time of each time you opened the email.
Moral of the story is - opening an email in certain mail clients can leak information about your system b/c your mail client autoloads a tracking pixel. And although it might be a company hosting a hot @RSAConference party - it could also be someone less "friendly"

#DFIR #APT32
Even scammers leverage tracking pixels to gauge the success of their campaigns.

I could really use a silent investor - you think I should reach out to Mr. Mohammed?
Even scammers leverage tracking pixels to gauge the success of their campaigns. I could really use a silent investor - you think I should reach out to Mr. Mohammed?
Even scammers leverage tracking pixels to gauge the success of their campaigns. I could really use a silent investor - you think I should reach out to Mr. Mohammed?
If you want to disable auto-image loading in Gmail, click the "Gear" icon, Select "Settings" and under the Images section select "Ask before displaying external images", and click "Save changes".
If you want to disable auto-image loading in Gmail, click the "Gear" icon, Select "Settings" and under the Images section select "Ask before displaying external images", and click "Save changes".
If you want to disable auto-image loading in Gmail, click the "Gear" icon, Select "Settings" and under the Images section select "Ask before displaying external images", and click "Save changes".
You can follow @cglyer.
Tip: mention @twtextapp on a Twitter thread with the keyword “unroll” to get a link to it.

Latest Threads Unrolled:
There are a lot of misconceptions about the Turkish diaspora in Germany. Since i just finished writing an essay about this topic I thought it's time to give other people
Read more
Las mejores calculadoras online en 2020A thread http://totumat.com/2020/11/26/las-mejores-calculadoras-online-en-2020/ Cuando se estudian asignaturas que requieren de cálculos complicados, nada mejor que contar con una buena calculadora.
Read more
Mitigating #ClimateChange is as much about taking up new techs as about leaving others behindMost studies focus on #coal's global downfall but another #energy tech decline is loomingRead my new
Read more