Cybersecurity researchers in Germany published findings this week that mailto links can be abused to covertly steal local files from victims and email them to the attacker. “Mailto” links use a special protocol that opens up a new email “compose” window when clicked. The researchers learned that attackers can use mailto links to command their victims’ systems to fill the new “compose” window with predetermined content, including the addition of attachments, as long as attackers know the file path to their targeted documents.
