Security News > 2023 > September > New twist on ZeroFont phishing technique spotted in the wild

Cybercriminals are leveraging the ZeroFont technique to trick users into trusting phishing emails, SANS ISC handler Jan Kopriva has warned.

Documented and named by Avanan in 2018, the ZeroFont technique involves using text written in font size "0" throughout the email body.

Email clients generally display messages in two adjacent windows: the left one showing a list of received, sent or drafted messages and the right showing the email body.

Kopriva received a phishing-email that used the ZeroFont phishing technique to make it seem like the email has been scanned by anti-spam email filters.

The text indicating that: 9/22/2023T6:42 AM) was only displayed in the listing pane, because the same text in the email message was written at the beginning of it, in font size "0", and thus invisible to the recipient.

Some phishers are obviously using the technique to try to create more effective phishing campaigns so, according to Kopriva, "It might not be a bad idea to mention it in any phishing-oriented security awareness courses."

News URL

https://www.helpnetsecurity.com/2023/09/27/zerofont-phishing/