Ghost letters will help hackers get into your email

CarderPlanet

Small print is a big threat: the ZeroFont tool as a successful phishing method.

Hackers have developed a new method of circumventing email security systems using a zero-size font. It lets them disguise malicious messages as safe ones that have already been verified by Microsoft Outlook algorithms.

Although the ZeroFont method has already been used in various phishing campaigns, this is the first documented case.

The tactic was first described by Avanan in 2018. Email protection systems use artificial intelligence for text analysis, and it turns out that this analysis is quite easy to deceive.

Hackers add words or characters with zero font size to emails, making them invisible to humans. However, for computer algorithms, this text remains readable.

In 2018, researchers noted that ZeroFont can bypass Microsoft's Office 365 Advanced Threat Protection (ATP), even if the message contains known malicious tags.

Recently, ISC SANS analyst Jan Kopriva discovered a phishing email in which hackers used the ZeroFont method to manipulate the preview text. Outlook displayed one text in the inbox list and another in the message body itself.


Kopriva demonstrated how the preview text "Verified and Protected by Isc®Advanced Threat Protection (APT): 9/22/2023 6:42 AM" disappears when the message is opened. In its place remains the title "Job offer | Employment opportunities".

This way, ZeroFont hides a false security check mark at the beginning of the text. Even though it is invisible to the recipient, Outlook still captures it and displays it in preview mode.

The hackers' goal is to instill a false sense of security in the recipient. A person is more likely to open and read an email that carries this mark.

Outlook is probably not the only email service that shows the initial text of an email in the preview, even if it is written in an invisible font of zero size. This can be considered a dangerous vulnerability, so users of other programs should be on their guard.
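
A defender-side check for the technique described above, added here as an example and not part of the original post: it separates zero-font-size text from visible text in an HTML body and flags a message whose text-only preview differs from what the reader sees. The sample body is constructed, `ZeroFontScanner` and `scan` are hypothetical names, only inline `style` attributes are inspected, and a child element that resets the font size is still treated as hidden.

```python
import re
from html.parser import HTMLParser

# Inline style with a font size of exactly zero (0, 0px, 0pt, 0.0em, ...).
ZERO_FONT = re.compile(
    r"font-size\s*:\s*0+(?:\.0+)?\s*(?:px|pt|em|rem|%)?\s*(?:!important\s*)?(?:;|$)", re.I)
VOID_TAGS = {"br", "img", "hr", "meta", "input", "link", "wbr"}
# Constructed sample body; the first two strings are the ones quoted in the post.
SAMPLE = ('<span style="font-size:0px">Verified and Protected by Isc&reg;Advanced '
          'Threat Protection (APT)</span><p>Job offer | Employment opportunities</p>'
          '<p style="font-size: 0.8em">Please review the attached position.</p>')

class ZeroFontScanner(HTMLParser):
    """Separates text a reader sees from text styled with a zero font size."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack = []  # (tag, inside_zero_font) for each open element
        self.all_text, self.visible, self.hidden = [], [], []

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            return
        zero = bool(ZERO_FONT.search(dict(attrs).get("style") or ""))
        # Children inherit the hidden state of their parent.
        self.stack.append((tag, zero or (bool(self.stack) and self.stack[-1][1])))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag so unclosed children do not leak state.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

    def handle_data(self, data):
        text = " ".join(data.split())
        if text:
            self.all_text.append(text)
            inside = bool(self.stack) and self.stack[-1][1]
            (self.hidden if inside else self.visible).append(text)

def scan(html_body, preview_len=40):
    """Compare what a text-only preview would show with what the reader sees."""
    s = ZeroFontScanner()
    s.feed(html_body)
    s.close()
    preview = " ".join(s.all_text)[:preview_len]
    shown = " ".join(s.visible)[:preview_len]
    return {"preview": preview, "visible_start": shown, "hidden": s.hidden,
            "suspicious": bool(s.hidden) and preview != shown}
```

Calling `scan(SAMPLE)` reports the zero-size run under `hidden` and sets `suspicious`, which a mail gateway or triage script could use to tag the message before it reaches the inbox list.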
 