Hackers are employing a deceptive technique known as “ZeroFont” in emails to trick security tools in Microsoft Outlook, making malicious emails appear as if they have been safely scanned. This phishing technique takes advantage of flaws in how AI and natural language processing systems in email security platforms analyze text.
It involves inserting hidden words or characters with a font size set to zero, making the text invisible to human recipients but still readable by NLP algorithms. By doing so, the attackers aim to evade security filters by mixing benign terms with suspicious content, confusing AI interpretation and security checks.
The use of ZeroFont in this manner was recently documented by ISC Sans analyst Jan Kopriva, highlighting its potential to significantly enhance the effectiveness of phishing attacks. The attackers manipulate message previews on widely-used email clients, like Microsoft Outlook, to make emails appear more legitimate and secure.
For instance, a phishing email might display a message in the email list pane that suggests it has been scanned and secured by a reputable security tool, while the actual content in the preview pane is unrelated, such as a job offer. This discrepancy aims to create a false sense of security in the recipient, increasing the likelihood of them opening and engaging with the malicious email.
While the use of ZeroFont has been previously documented, this new approach underscores its ongoing relevance and the need for user awareness. It can potentially circumvent email security measures and deceive individuals into interacting with phishing emails. The report warns that other email clients may also be vulnerable to this technique, emphasizing the importance of vigilance among email users to avoid falling victim to such deceptive tactics.