The ZeroFont phishing technique has been used in the past, but this is the first time it has been documented in this manner.
In Microsoft Outlook, attackers use zero-point fonts to make malicious emails appear as if security tools have already scanned them.
In a new report, SANS ISC analyst Jan Kopriva warns that this trick can significantly increase the effectiveness of phishing attacks, and that users should be aware that it exists and is being used.
The ZeroFont attack method, first documented by Avanan in 2018, is a phishing technique that exploits weaknesses in how artificial intelligence and natural language processing (NLP) systems analyze text in email security platforms. The method involves inserting hidden words or characters into emails by setting the font size to zero, rendering them invisible to human targets but readable by NLP algorithms.
Hidden terms are inserted into the suspicious visible content to skew the AI's interpretation of the message and the outcome of its security checks, so the email evades the filter. According to Avanan's 2018 report, ZeroFont bypassed Office 365 Advanced Threat Protection (ATP) even when the emails contained known malicious keywords.
In a new phishing email seen by Kopriva, a threat actor uses the ZeroFont technique to manipulate message previews in widely used email clients such as Microsoft Outlook: the preview shown in Outlook's email list differed from the message body itself.
In the phishing email Kopriva observed, the attackers placed zero-font-size text before the message body: "Scanned and secured by Isc®Advanced Threat protection (APT): 9/22/2023T6:42 AM."
As a result, in Outlook's message list pane the user saw text confirming that the message was secure, displayed below the subject line where Outlook normally shows the first line of the message body, while the actual phishing message was shown in the reading pane on the right-hand side of the screen. Kopriva explained that the attackers are exploiting the Outlook feature that displays a preview of the message text.
Kopriva acknowledged that the tactic may already have been used in the wild for some time. In any case, he noted, it is one more small addition to the threat actor toolbox that can be used to build more effective phishing campaigns, and one that defenders should be aware of.
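As an added defensive check, not code from the article or from SANS ISC, the following Python script separates the text a recipient actually sees from text hidden with a zero font size, and rebuilds the order-preserving "preview" view that a client ignoring CSS would show first. The sample HTML body is constructed for illustration and is not the real phishing email.

```python
import re
from html.parser import HTMLParser

# Matches a font-size of zero in any unit (0, 0px, 0pt, 0.0em, "0 !important")
# but not small non-zero sizes such as 0.5px.
ZERO_FONT_RE = re.compile(
    r"font-size\s*:\s*0+(?:\.0+)?\s*(?:px|pt|em|rem|%)?(?=\s*(?:;|!|$))", re.I)
VOID_TAGS = {"br", "img", "hr", "meta", "link", "input"}


class ZeroFontScanner(HTMLParser):
    """Collects text segments in document order, tagging each as hidden when it
    sits inside an element (or ancestor) styled with a zero font size."""

    def __init__(self):
        super().__init__()
        self.hidden_stack = [False]   # one entry per open element
        self.segments = []            # (text, is_hidden) in document order

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            return
        style = dict(attrs).get("style") or ""
        hidden = self.hidden_stack[-1] or bool(ZERO_FONT_RE.search(style))
        self.hidden_stack.append(hidden)

    def handle_endtag(self, tag):
        if tag not in VOID_TAGS and len(self.hidden_stack) > 1:
            self.hidden_stack.pop()

    def handle_data(self, data):
        text = " ".join(data.split())
        if text:
            self.segments.append((text, self.hidden_stack[-1]))


def scan_email_html(html):
    """Return (visible_text, hidden_text, preview_text) for an HTML email body.
    A non-empty hidden_text means the preview and the rendered body differ."""
    p = ZeroFontScanner()
    p.feed(html)
    p.close()
    visible = " ".join(t for t, h in p.segments if not h)
    hidden = " ".join(t for t, h in p.segments if h)
    preview = " ".join(t for t, _ in p.segments)
    return visible, hidden, preview


# Constructed sample modelled on the message described above; not the real email.
SAMPLE = ('<html><body><span style="font-size:0px">Scanned and secured by '
          'Example Threat Protection</span><p>Your mailbox is full. '
          '<a href="https://example.invalid">Click here</a> to free up space.'
          '</p></body></html>')

if __name__ == "__main__":
    vis, hid, pre = scan_email_html(SAMPLE)
    print("visible:", vis, "\nhidden:", hid, "\npreview:", pre)
    if hid:
        print("ALERT: zero-font text present; preview differs from visible body")
```

A mail gateway or mailbox rule can run the same check and flag any message whose hidden text contains security-sounding phrases that the visible body lacks.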