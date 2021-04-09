The amount of dangers that we can find in the mailbox has grown significantly: constant phishing campaigns, all kinds of these and now images designed to collect information about us.

Over the years and large awareness campaigns by cybersecurity institutions and companies, the number of users who avoid links and attachments in emails, main sources of malicious code that try to infect the device and steal our data.

However, they are not the only elements that we now face. While online messaging services strive to more effectively detect such annoying fake emails and spam, the big companies that send us advertisements want to know more about our habits and the extent to which we interact with their emails.

At the beginning they integrated the links with offers and interesting information to tempt the user. These links do not redirect to an online scam as in phishing emails, but they allow companies to know certain information: if you have read the email, if you are interested in the topic or what product has caught your attention. These large links are unique for each user and thus know the personal tastes of each one.

With the growth of cyberattacks and the awareness of the population, these links have lost much of their effect, forcing companies to generate a new method to collect that information. They are the spy images, those that are integrated into the body of the email.

When we open the email, if we do not click on any link or download anything, we are not in great danger of being attacked. However, both the text and lIndexed images are uploaded from the server on which they are hosted. This action allows the sender of the message to know that his mail has been opened and has not been lost in the tray or in the spam section; the operating system used by the device or the version of the browser from which the email is opened, among other details such as the time it was opened.

Chema Alonso, hacker and member of the Telefónica Executive Committee, shows on his blog a simulator that demonstrates this activity to collect information, created by the developer Guillermo Peñarando Sánchez. This shows that the image can be transparent and continue to collect personal information without the owner of the email noticing.

Before this system, messaging services as well known as Gmail “They download the image on their server and serve it themselves, preventing them from spying on you using this method,” says Peñarando, while other tools such as Microsoft Outlook require the user’s prior permission to download the image on their servers.

This method can also be useful for cybercriminals to know which emails are active and consult the messages, and then send other more dangerous emails. However, in the case of companies, they would be a version similar to the cookies that we find on their website, which is why cybersecurity experts ask that they be treated under the legal framework of the GDPR that regulates data protection in the European Union. .