Security News ZeroFont Phishing Attack to Bypass Spam Filters

I

Ink

Administrator
Thread author
Verified
Jan 8, 2011
22,489
Content source
https://www.bleepingcomputer.com/news/security/new-zerofont-phishing-tricks-outlook-into-showing-fake-av-scans/
Published September 26, 2023
Hackers are utilizing a new trick of using zero-point fonts in emails to make malicious emails appear as safely scanned by security tools in Microsoft Outlook.

Although the ZeroFont phishing technique has been used in the past, this is the first time it has been documented as used in this way.

In a new report by ISC Sans analyst Jan Kopriva, the researcher warns that this trick could make a massive difference in the effectiveness of phishing operations, and users should be aware of its existence and use in the wild.
Click to expand...
Read more: New ZeroFont phishing tricks Outlook into showing fake AV-scans

Key Points
  • The zero-font tactic uses text people cannot read to evade spam filters and trick email software. It can bypass security measures and deceive recipients.
  • It can trick spam detection by adding junk text to clog up scans. Scammers can impersonate legitimate entities without triggering alarms.
  • Zero-font text can create fake antivirus scan results in email previews, giving a false sense of security. Stay vigilant and be cautious of suspicious emails.
Click to expand...
Source: What Is a Zero-Font Tactic in Email Phishing Scams?

Published June 13, 2018
An email is sent to a customer attempting to impersonate an Office 365 quota limit notification. The message looks like a common administrative service message phishing attack that would normally be caught, but, in this case, it was not flagged by Microsoft as a phishing email.

This email was not flagged by Microsoft is because the hacker inserted random text throughout the email to break up the text strings that would trigger Microsoft's natural language processing. In some cases, random words are used. These inserted characters are embedded within the HTML code <span style="FONT-SIZE: 0px"> to have a font size of zero, making them invisible to the recipient of the email. Below is a screenshot of the raw HTML of the email content, showing the inserted ZeroFont characters.

ZeroFont HTML
Click to expand...
Source: ZeroFont Phishing: Font Manipulation to Pass Microsoft Security
 
  • Like
  • +Reputation
Reactions: Jonny Quest, Moonhorse, B-boy/StyLe/ and 6 others
nicolaasjan

nicolaasjan

Level 5
Verified
Well-known
May 29, 2023
226
So, this is what I get when copying the text from the mail and paste it in a text editor: :eek:
Klingon is easier to understand. :p

No wonder this can't be filtered.

Would a spam filter using AI be able to recognize that these are scrambled words? :unsure:
After all there are no languages using these 'words' and especially not with so many characters per word.

nicolaasjan said:
So, this is what I get when copying the text from the mail and paste it in a text editor: :eek:
Klingon is easier to understand. :p

No wonder this can't be filtered.
Click to expand...
@Moderator, why have you deleted my code block?
There was no PII in it at all. :unsure:
 
  • Wow
  • Like
Reactions: simmerskool, Jonny Quest, Morro and 1 other person
nicolaasjan

nicolaasjan

Level 5
Verified
Well-known
May 29, 2023
226
Since the moderator deleted my code block from the above post, I'll post it again as an image :) :

Screenshot_20240318-7.png

Again, it's only a copy of the text in the McAfee phishing spam show above, with the link at the bottom omitted.
 
Trident

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,357
nicolaasjan said:
Would a spam filter using AI be able to recognize that these are scrambled words? :unsure:
After all there are no languages using these 'words' and especially not with so many characters per word.
Click to expand...
There are algorithms that are able to recognise gibberish.
www.kaspersky.co.uk

How machine learning works

Lately, tech companies have gone crazy about machine learning. What is machine learning, and what are its implications? Here’s our take on this technology.
www.kaspersky.co.uk www.kaspersky.co.uk
 
  • Hundred Points
Reactions: nicolaasjan

Similar threads

Gandalf_The_Grey
    • Like
Security News Phishing texts trick Apple iMessage users into disabling protection
Replies
0
Views
485
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Like
    • Thanks
Scams & Phishing News Novel phising campaign uses corrupted Word documents to evade security
Replies
0
Views
439
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Like
    • +Reputation
    • Applause
Security News Beware: PayPal "New Address" feature abused to send phishing emails
Replies
0
Views
735
Security News
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top