ZeroFont Phishing Attack to Bypass Spam Filters

Ink

Published September 26, 2023
Hackers are utilizing a new trick of using zero-point fonts in emails to make malicious emails appear as safely scanned by security tools in Microsoft Outlook.

Although the ZeroFont phishing technique has been used in the past, this is the first time it has been documented as used in this way.

In a new report by ISC Sans analyst Jan Kopriva, the researcher warns that this trick could make a massive difference in the effectiveness of phishing operations, and users should be aware of its existence and use in the wild.
Read more: New ZeroFont phishing tricks Outlook into showing fake AV-scans

Key Points
  • The zero-font tactic uses text people cannot read to evade spam filters and trick email software. It can bypass security measures and deceive recipients.
  • It can trick spam detection by adding junk text to clog up scans. Scammers can impersonate legitimate entities without triggering alarms.
  • Zero-font text can create fake antivirus scan results in email previews, giving a false sense of security. Stay vigilant and be cautious of suspicious emails.
Source: What Is a Zero-Font Tactic in Email Phishing Scams?

Published June 13, 2018
An email is sent to a customer attempting to impersonate an Office 365 quota limit notification. The message looks like a common administrative service message phishing attack that would normally be caught, but, in this case, it was not flagged by Microsoft as a phishing email.

The reason this email was not flagged by Microsoft is that the hacker inserted random text throughout the email to break up the text strings that would trigger Microsoft's natural language processing. In some cases, random words are used. These inserted characters are embedded within the HTML code <span style="FONT-SIZE: 0px"> to have a font size of zero, making them invisible to the recipient of the email. Below is a screenshot of the raw HTML of the email content, showing the inserted ZeroFont characters.

[Screenshot: ZeroFont HTML]
Source: ZeroFont Phishing: Font Manipulation to Pass Microsoft Security
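The technique described in the quoted articles works because filters often analyse the raw HTML text while the recipient only sees what is rendered. The following is an added defender-side example (not code from the articles or from MalwareTips) that splits an HTML email body into the text a recipient actually sees and the text hidden inside zero-size font spans, so a scanner can match phrases on the rendered text and flag messages that carry hidden text at all. The sample email and the "ExampleAV" preview line are constructed for this example.

```python
import re
from html.parser import HTMLParser

# CSS declarations such as "FONT-SIZE: 0px", "font-size:0" or "font-size: 0.0pt".
# "font-size: 0.5em" or "font-size:10px" must not match.
ZERO_FONT = re.compile(
    r"font-size\s*:\s*0+(?:\.0+)?\s*(?:px|pt|em|rem|%)?\s*(?:;|$)", re.I)
VOID_TAGS = {"br", "hr", "img", "input", "meta", "link"}  # never have a closing tag


class ZeroFontSplitter(HTMLParser):
    """Separates the text a recipient actually sees from text hidden at font-size 0."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.visible, self.hidden = [], []
        self._open = []         # (tag, hides_text) for every element still open
        self._hidden_depth = 0  # how many enclosing elements are zero-font

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            return
        hides = bool(ZERO_FONT.search(dict(attrs).get("style") or ""))
        self._open.append((tag, hides))
        self._hidden_depth += hides

    def handle_endtag(self, tag):
        # Pop back to the matching open tag so sloppy HTML cannot desync the stack.
        for i in range(len(self._open) - 1, -1, -1):
            if self._open[i][0] == tag:
                self._hidden_depth -= sum(h for _, h in self._open[i:])
                del self._open[i:]
                break

    def handle_data(self, data):
        (self.hidden if self._hidden_depth else self.visible).append(data)


def analyze_email_html(html: str) -> dict:
    """Return the rendered text, the zero-font text, and a flag if any text was hidden."""
    p = ZeroFontSplitter()
    p.feed(html)
    p.close()
    visible = " ".join("".join(p.visible).split())
    hidden = " ".join("".join(p.hidden).split())
    return {"visible": visible, "hidden": hidden,
            "zero_font_chars": len(hidden), "suspicious": bool(hidden)}


# Constructed sample: a quota-limit lure with junk words at font-size 0 and a fake
# "scanned" line hidden at the top, where a preview pane would pick it up.
SAMPLE = ('<span style="font-size:0px">Scanned and secured by ExampleAV</span>'
          '<p>Your Office<span style="FONT-SIZE: 0px">lorem</span> 365 mailbox'
          '<span style="font-size:0">zqx</span> has reached its quota limit.<br> '
          'Click <a href="https://example.invalid">here</a> to upgrade.</p>')

if __name__ == "__main__":
    print(analyze_email_html(SAMPLE))
```

Phrase matching against `visible` sees "Office 365 mailbox has reached its quota limit" as one string again, and a non-empty `hidden` field is itself a strong indicator worth scoring.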
