Dubbed ZeroFont, the technique involves inserting hidden words amongst a font size of nada inside the actual content of a phishing email, keeping its visual appearance same, simply at the same time, making it non-malicious inward the eyes of electronic mail safety scanners.
According to cloud safety society Avanan, Microsoft Office 365 likewise fails to notice such emails equally malicious crafted using ZeroFont technique.
The applied scientific discipline helps safety companies to analyze, empathise as well as derive pregnant from unstructured text embedded inward an electronic mail or spider web page yesteryear identifying text-based indicators, similar electronic mail scams mimicking a pop company, phrases used to asking for payments or password resets, as well as more.
Therefore, the electronic mail looks normal to a human eye, simply Microsoft reads the entire garbage text, fifty-fifty if roughly words are displayed amongst a font size of "0."
"Microsoft tin non position this equally a spoofing electronic mail because it cannot come across the give-and-take 'Microsoft' inward the un-emulated version," reads Avanan's spider web log post. "Essentially, the ZeroFont ready on makes it possible to display 1 message to the anti-phishing filters as well as roughly other to the cease user."
Last month, researchers from the same society reported that cybercriminals had been splitting upwards the malicious URL inward a means that the Safe Links safety characteristic inward Office 365 fails to position as well as supersede the partial hyperlink, eventually redirecting victims to the phishing site.
