Skip to main content
WarningOther

SVG attachment or inline base64-encoded SVG used as a phishing portal with embedded HTML/credential-harvest content

svg-base64-portal

What this tier means

Warning signal — bulk / marketing / mild spam. Contributes to the trash score but is not by itself sufficient.

How Gorganizer detects this

SVG file attachment or inline base64-encoded SVG (data:image/svg+xml;base64,) used as a phishing portal. SVG is uniquely dangerous as an email vector because SVG is an XML format that can contain embedded JavaScript, HTML foreignObject elements, and hyperlinks — all rendering in email clients or browsers that open SVG inline. Attackers embed a credential-harvesting HTML page inside an SVG using base64 encoding to evade signature-based attachment scanners. The SVG may appear as a company logo or document thumbnail but opens a fake login page when clicked. The signal fires when: (1) an SVG attachment is present OR inline data:image/svg+xml;base64 appears in the HTML body AND (2) a credential/account-action narrative is present (verify, sign in, open document, restore access) AND (3) sender is NOT from a known design platform (Figma, Canva, Adobe) AND (4) no List-Unsubscribe header. Source: GC1 R13 council #2; Sophos SVG phishing 2024-2025; ANY.RUN SVG-as-phishing-portal samples 2026.

False-positive guard

Every signal in Gorganizer feeds a multi-module score — never a sole verdict. This is a warning-tier signal — bulk / marketing / mild spam. It contributes to the trash score but never triggers deletion on its own. Gorganizer requires multiple signals + a margin over the safety floor before any email is moved to trash.

About the scoring engine

Gorganizer's scoring engine emits over 1,800 signals across six modules — headers, sender, subject, body, attachments, and structural metadata. Every email is scored by every module independently; the final verdict requires multiple modules to agree and the trash score to beat the safety floor by a margin.

Sacred safety guards — never delete starred emails, replies, calendar invites, receipts/invoices, or attachments — apply unconditionally regardless of any signal.

Browse all signalsSafety guaranteesJSON

Ready to clean your inbox?

Gorganizer scans your Gmail with this signal and 1,800+ others, then cleans everything in one click. $4.99 one-time, no subscription.

Get started