bleepingcomputer[.]com/news/security/new-zerofont-phishing-tricks-outlook-into-showing-fake-av-scans/
Hackers are using a new trick, zero-point fonts in emails, to make malicious messages appear to have been safely scanned by security tools in Microsoft Outlook.

Although the ZeroFont phishing technique has been used in the past, this is the first time it has been documented as used in this way.
In a new report, SANS ISC analyst Jan Kopriva warns that this trick could make a massive difference in the effectiveness of phishing operations, and that users should be aware of its existence and its use in the wild.
ZeroFont attacks

The ZeroFont attack method, first documented by Avanan in 2018, is a phishing technique that exploits flaws in how AI and natural language processing (NLP) systems in email security platforms analyze text.
It involves inserting hidden words or characters in emails by setting their font size to zero (for example, an inline font-size:0 style), which renders the text invisible to human targets yet leaves it readable by NLP algorithms, since they process the raw text rather than its rendered appearance.
The attack aims to evade security filters by mixing invisible benign terms with the suspicious visible content, skewing the AI's interpretation of the message and therefore the result of the security checks.
In its 2018 report, Avanan warned that ZeroFont bypassed Microsoft's Office 365 Advanced Threat Protection (ATP) even when the emails contained known malicious keywords.
It is possible that Outlook isn't the only email client that grabs the first portion of an email's text to build a message preview without checking whether that text has a valid (non-zero) font size, so vigilance is advised for users of other software, too.
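The two effects described above, a text extractor that ignores font size and a preview snippet built from the first characters of that same text, can be shown with a small HTML walker. This is an added example, not code from the BleepingComputer article, Avanan or Jan Kopriva's report; the sample message, the element names and the 80-character preview length are constructed for illustration, and only inline font-size styles are checked.

```python
"""Added example (not from the article or the cited reports): walk an HTML
email and collect its text two ways, as a human sees it (zero-font runs
dropped) and as a font-size-blind extractor sees it (all text), then flag
the hidden runs and show what a naive preview snippet would contain."""
import re
from html.parser import HTMLParser

# Constructed sample message for illustration only, not a real captured email.
# A zero-font "scanned" banner is placed in front of the visible phishing body.
SAMPLE_EMAIL_HTML = """
<html><body>
<span style="font-size:0px;">Safe and scanned by the corporate email security gateway.</span>
<span style="font-size:0;">no threats found safe attachment</span>
<p>Your mailbox is almost full. <a href="http://example.invalid/login">Verify your account</a>
to avoid suspension.</p>
</body></html>
"""

# Elements with no closing tag; they must not be pushed onto the nesting stack.
VOID_TAGS = {"br", "img", "hr", "meta", "link", "input", "area", "base",
             "col", "embed", "source", "track", "wbr"}

_FONT_SIZE_RE = re.compile(r"font-size\s*:\s*([0-9.]+)\s*(px|pt|em|rem|%)?", re.I)


def _is_zero_font(style):
    """True if an inline style declares font-size 0 in any (or no) unit."""
    m = _FONT_SIZE_RE.search(style or "")
    return m is not None and float(m.group(1)) == 0.0


class ZeroFontWalker(HTMLParser):
    """Collects visible text, all extracted text, and the zero-font runs."""

    def __init__(self):
        super().__init__()
        self._depth = 0    # how many enclosing elements are zero-font
        self._stack = []   # per open tag: did it start a zero-font run?
        self.visible = []
        self.extracted = []
        self.hidden_runs = []

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            return
        zero = _is_zero_font(dict(attrs).get("style"))
        self._stack.append(zero)
        if zero:
            self._depth += 1

    def handle_endtag(self, tag):
        if tag in VOID_TAGS:
            return
        if self._stack and self._stack.pop():
            self._depth -= 1

    def handle_data(self, data):
        text = data.strip()
        if not text:
            return
        self.extracted.append(text)          # what a font-size-blind NLP filter reads
        if self._depth > 0:
            self.hidden_runs.append(text)    # invisible to the human reader
        else:
            self.visible.append(text)        # what the human actually sees


def analyze(html):
    """Return the human view, the extractor view and any zero-font runs."""
    walker = ZeroFontWalker()
    walker.feed(html)
    walker.close()
    return {
        "human_view": " ".join(walker.visible),
        "extractor_view": " ".join(walker.extracted),
        "hidden_text": walker.hidden_runs,
        "zerofont_detected": bool(walker.hidden_runs),
    }


def preview_snippet(html, length=80):
    """Mimic a preview pane that takes the first characters of all text without
    checking font size: the hidden banner, placed first, is what gets shown."""
    return analyze(html)["extractor_view"][:length]


if __name__ == "__main__":
    result = analyze(SAMPLE_EMAIL_HTML)
    print("Human sees      :", result["human_view"])
    print("Extractor sees  :", result["extractor_view"])
    print("Preview snippet :", preview_snippet(SAMPLE_EMAIL_HTML))
    print("Hidden runs     :", result["hidden_text"])
```

A real filter would also need to resolve font sizes set through <style> blocks and classes, and to treat other invisibility tricks (matching text and background colours, display:none, off-screen positioning) the same way; the walker above only demonstrates the inline font-size case the article describes, and a mismatch between the human view and the extractor view is the signal worth alerting on.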