More and more phishing campaigns are using the little-known SVG vector graphics format. This can contain scripts that are then executed when the image is opened.