Pixel-Perfect Trap: The Surge of SVG-Borne Phishing Attacks
Essential information
- Published: 16/05/2025 08:51
- Modified: 21/05/2025 21:08
- Tags: 2025-05-16 cybersecurity email security javascript obfuscation phaas phishing social engineering svg tycoon2fa ursnif
- Related entities: 4 observables, 9 techniques (mitre), 2 malware
Description
The Trustwave SpiderLabs Email Security team has identified a significant increase in SVG image-based attacks, in which seemingly harmless graphics are used to conceal dangerous links. Cybercriminals are exploiting the ability of SVG files to embed JavaScript, which can execute automatically when the file is opened. This technique has led to an 1800% increase in SVG-based phishing attacks in early 2025 compared to the previous year. The attacks are primarily driven by Phishing-as-a-Service (PhaaS) platforms like Tycoon2FA. These SVG files are particularly dangerous because they can bypass traditional security measures and appear innocuous to users. The blog post analyzes various techniques used in these attacks and provides recommendations for protection, including blocking SVG attachments, implementing advanced email security, and enhancing user awareness.
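Where SVG attachments cannot be blocked outright, a mail gateway can at least flag the ones that carry active content. The sketch below is an added example, not code from the Trustwave post; the function name `scan_svg`, the finding labels, the heuristics and the sample files are all assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

URL_ATTRS = {"href", "src"}  # matched after the XML namespace is stripped

def local(name):
    """Drop the '{namespace}' prefix ElementTree adds to tag/attribute names."""
    return name.rsplit("}", 1)[-1].lower()

def scan_svg(data: bytes):
    """Return a sorted list of findings for active content in an SVG file."""
    # Entity declarations enable expansion tricks against the parser itself,
    # so such files are flagged without being parsed.
    if re.search(rb"<!ENTITY", data, re.I):
        return ["entity-declaration"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["malformed-xml"]  # treat unparseable attachments as suspect
    findings = set()
    for el in root.iter():
        if local(el.tag) == "script":
            findings.add("script-element")
        for name, value in el.attrib.items():
            attr = local(name)
            # Whitespace and case inside a URL scheme are ignored by browsers.
            val = "".join(value.split()).lower()
            if attr.startswith("on"):
                findings.add(f"event-handler:{attr}")  # e.g. onload, onclick
            elif attr in URL_ATTRS and val.startswith(("javascript:", "data:")):
                findings.add(f"active-uri:{attr}")
            elif attr in URL_ATTRS and val.startswith(("http:", "https:")):
                findings.add("external-link")
    return sorted(findings)

# Constructed samples (not taken from the report).
BENIGN = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'
ACTIVE = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="init()">'
          b'<script>/* placeholder */</script>'
          b'<a href="https://example.invalid/login"><text>Open</text></a></svg>')

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("active", ACTIVE)):
        print(label, scan_svg(sample))
```

Any non-empty result is a reason to quarantine or strip the attachment; an image that is only meant to be displayed needs none of these features.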