ZeroFont Phishing Technique Targets Automated Email Security Platforms

Bleeping Computer has written an article discussing the ZeroFont phishing technique and its implications for network defense.

The technique was first documented in 2018, though threat actors have been observed utilizing new variations of it even now. The ZeroFont technique exploits flaws in the automated language processing systems that email security platforms use. Additional words and characters can be hidden in an email by setting their font size to zero, so humans don’t read them. However, automated systems will and the right combination of benign hidden words counteracting malicious words can confuse a platform. The latest variation instead utilizes zero-font words to exploit Outlook and manipulate previewed text to gain a sense of legitimacy. Members should be aware of this technique and consider adding it to phishing security courses for staff. Read more at Bleeping Computer.