Inside the image tags, the attacker can camouflage the link to his data pipe share.
The reason is due to the way Windows manages authentication for connection shares.
This was not an issue in the past, as Windows accounts were using machine-localized usernames and password.
Microsoft has begun to associate all its online realities with the users same Microsoft account in the recent years.
This allows the crook to reach the victims VPN account.
source: www.techworm.net
