Office 365 Phishing Uses CSS Tricks to Bypass Email Gateways

LASER_oneXM

A phishing campaign is using Office 365 voicemail lures to trick targets into visiting landing pages designed to steal their personal information or infect their computers with malware.

The phishing emails delivered by the operators behind this series of attacks use the old trick of reversing some of the text elements in the source code and rendering them forward within the email displayed to the target, with a twist: this time it involves using Cascading Style Sheets (CSS).

Reversing text in an email's HTML code helps attackers bypass some automated text matching models that Secure Email Gateways (SEGs) use to differentiate between legitimate emails and phishing messages.

CSS tricks to scam email gateways

"Our primary finding is that CSS offers tools for mixing scripts like Arabic and Latin, which naturally flow in different directions on the page," Inky CEO Dave Baggett explains.
... ... ...
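
For defenders, an added example (not code from the quoted article or from Inky) that recovers the text a recipient would actually see before keyword matching is applied. It assumes the reversal is done with inline `direction: rtl` plus `unicode-bidi: bidi-override`, which the post does not name; `analyse`, `LURES` and the sample HTML are constructed for illustration, and the markup is assumed to be well formed.

```python
import re
from html.parser import HTMLParser

VOID = {"br", "img", "hr", "meta", "input", "link", "wbr"}  # no end tag
RTL = re.compile(r"direction\s*:\s*rtl", re.I)
OVERRIDE = re.compile(r"unicode-bidi\s*:\s*bidi-override", re.I)
LURES = ("voicemail", "office 365")  # constructed keyword list
# Constructed sample: two words stored reversed, displayed forward.
SAMPLE = ('<p>New <span style="direction: rtl; unicode-bidi: bidi-override">'
          'liamecioV</span> from <span style="unicode-bidi:bidi-override;'
          'direction:rtl">563 eciffO</span></p>')

class BidiAwareText(HTMLParser):
    """Collects text as stored (raw) and as displayed (rendered).
    Only inline style attributes are inspected, not <style> rules."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.depth = 0   # > 0 while inside a reversed element
        self.buf = []    # text gathered inside that element
        self.raw, self.rendered = [], []

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        style = dict(attrs).get("style") or ""
        if self.depth:                      # nested tag inside reversed run
            self.depth += 1
        elif RTL.search(style) and OVERRIDE.search(style):
            self.depth = 1

    def handle_endtag(self, tag):
        if self.depth and tag not in VOID:
            self.depth -= 1
            if self.depth == 0:             # run closed: flip it as a whole
                self.rendered.append("".join(self.buf)[::-1])
                self.buf = []

    def handle_data(self, data):
        self.raw.append(data)
        (self.buf if self.depth else self.rendered).append(data)

def analyse(html):
    """Return stored text, displayed text, and lures visible only on display."""
    p = BidiAwareText()
    p.feed(html)
    p.close()
    p.rendered.append("".join(p.buf)[::-1])  # flush an unclosed reversed run
    raw, shown = (" ".join("".join(t).lower().split()) for t in (p.raw, p.rendered))
    hidden = [k for k in LURES if k in shown and k not in raw]
    return {"raw": raw, "rendered": shown, "hidden_keywords": hidden}
```

A non-empty `hidden_keywords` list means the message displays a lure term that never appears in reading order in its source, which is a useful signal on its own.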
 
