Tiny Font Size Fools Email Filters in BEC Phishing

A new business email compromise campaign targeting Microsoft 365 users is using a range of sophisticated obfuscation tactics within phishing emails that can fool natural language processing filters and are undetectable to end users.
Researchers at Avanan, a CheckPoint company, first discovered the campaign - dubbed One Font because of the way it hides text in a one-point font size within messages - in September.
The One Font campaign also includes messages with links coded within the tag, which - in combination with the other obfuscation techniques - also destroy the effectiveness of email filters that depend on natural language for their analysis, according to Jeremy Fuchs, a cybersecurity researcher at Avanan.
That campaign inserted hidden text with the font size of zero within messages to trip up email scanners that depend on natural language to weed out malicious emails.
In their post, researchers demonstrated how specific phishing emails used a combination of tactics - specifically, links hidden within the CSS and links slipped within the tag and then sized down to zero - that together confound natural language filters.
Using a security architecture that relies on more than one factor to block email and requiring corporate users to confirm with an IT department before engaging with any email that asks for a password change also can serve to mitigate attacks, Fuchs wrote.
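On the filtering side, one check that follows from the hidden-text technique described above is to separate what a reader can actually see from text styled at a one-point or zero font size, and to pass only the visible part to language analysis. The following is an added example, not code from Avanan or the original article; the 1-unit threshold, the inline-`style`-only scope, and all names and sample markup are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Assumption: text at or below this size (pt or px) is unreadable to a person.
MAX_HIDDEN_SIZE = 1.0
# Absolute sizes only; relative units such as em or % are deliberately not matched.
FONT_SIZE = re.compile(r"font-size\s*:\s*(\d*\.?\d+)\s*(?:pt|px)?\s*(?:;|!|$)", re.I)
VOID = {"br", "img", "hr", "meta", "input", "link"}  # elements with no end tag

class TinyFontScanner(HTMLParser):
    """Splits an HTML body into text a reader sees and text hidden by tiny fonts.

    Only inline style attributes are inspected, and tags are assumed to be
    balanced; <style> blocks and class-based rules are out of scope here.
    """
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.sizes = []    # one entry per open element: effective size or None
        self.visible = []
        self.hidden = []

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        inherited = self.sizes[-1] if self.sizes else None
        m = FONT_SIZE.search(dict(attrs).get("style") or "")
        self.sizes.append(float(m.group(1)) if m else inherited)

    def handle_endtag(self, tag):
        if tag not in VOID and self.sizes:
            self.sizes.pop()

    def handle_data(self, data):
        text = data.strip()
        if not text:
            return
        size = self.sizes[-1] if self.sizes else None
        is_hidden = size is not None and size <= MAX_HIDDEN_SIZE
        (self.hidden if is_hidden else self.visible).append(text)

def scan(html):
    """Return visible text, hidden text, and whether any hidden text was found."""
    s = TinyFontScanner()
    s.feed(html)
    s.close()
    hidden = " ".join(s.hidden)
    return {"visible": " ".join(s.visible), "hidden": hidden, "suspicious": bool(hidden)}

# Constructed sample body, not taken from a real message.
SAMPLE = ('<p>Your password <span style="font-size:1px">quarterly budget meeting notes</span>'
          'expires today. <a href="https://example.invalid/reset">Keep current password</a></p>'
          '<p style="font-size:0">lunch menu for friday</p>')
```

Calling `scan(SAMPLE)` returns the filler phrases under `hidden` and the lure wording under `visible`, which is the text a language-based filter should score.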
News URL
https://threatpost.com/tiny-font-size-email-filters-bec-phishing/176198/