- Security researchers warn against “hidden text salting” in emails
- Hackers can hide parts of the text to confuse email scanners
- The hidden text helps the email pass scans and land in the inbox
Hackers are increasingly using “hidden text salting” or “poisoning” techniques to get around email security measures and land phishing messages in people’s inboxes.
A new in-depth guide published by Cisco Talos cybersecurity researchers describes how cybercriminals abuse HTML and CSS properties in emails, setting the width of certain elements to 0 and using the “display: hidden” feature to hide content from the victims. They also insert zero-width space (ZWSP) and zero-width non-joiner (ZWNJ) characters and, finally, hide the real message content by embedding irrelevant language.
Consequently, email security solutions, spam filters and brand extractors are confused, and emails that would otherwise end up in the spam folder reach the inbox directly.
Advanced filtering
In its article, Cisco Talos gave several examples, including one in which the attackers hid French words in the body of the email. This confused Microsoft’s Exchange Online Protection (EOP) spam filter, which ultimately let the message through.
In another example, Cisco Talos said that threat actors used CSS and ZWSP characters to hide the content of emails, successfully imitating Wells Fargo and Norton LifeLock.
To combat this strategy, the researchers suggested that IT teams adopt advanced filtering techniques that scan the structure of HTML emails, rather than their content. An email security solution could therefore look for excessive use of inline styles or CSS properties such as “visibility: hidden”. The deployment of AI-powered defenses is also recommended.
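As an added illustration of the structural scanning the researchers suggest (this code is not from Cisco Talos or the article; the CSS patterns, the function name scan_email_html and the sample message are assumptions constructed for the example), a scanner can walk the HTML, flag inline styles that hide an element, count ZWSP/ZWNJ characters and measure how much of the text a reader never sees:

```python
import re
from html.parser import HTMLParser

# Zero-width characters named in the article: ZWSP (U+200B) and ZWNJ (U+200C).
ZERO_WIDTH = {"\u200b": "ZWSP", "\u200c": "ZWNJ"}
# Inline-style declarations that hide an element (this list is the example's assumption).
HIDING_CSS = re.compile(
    r"(?:^|;)\s*(display\s*:\s*none|visibility\s*:\s*hidden|opacity\s*:\s*0"
    r"|(?:(?:max-)?(?:width|height)|font-size)\s*:\s*0(?:px|em|%)?)\s*(?=;|$)", re.I)
VOID_TAGS = {"area", "base", "br", "col", "embed", "hr", "img", "input", "link", "meta", "wbr"}

class SaltingScanner(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        # One flag per open element: is it, or an ancestor, hidden?
        # Assumes non-void tags are properly closed.
        self.stack = []
        self.hiding_styles = []
        self.zero_width = {}
        self.hidden_chars = self.visible_chars = 0
    def handle_starttag(self, tag, attrs):
        style = dict(attrs).get("style") or ""
        hits = ["".join(m.group(1).lower().split()) for m in HIDING_CSS.finditer(style)]
        self.hiding_styles += hits
        if tag not in VOID_TAGS:
            self.stack.append(bool(hits) or (bool(self.stack) and self.stack[-1]))
    def handle_endtag(self, tag):
        if tag not in VOID_TAGS and self.stack:
            self.stack.pop()
    def handle_data(self, data):
        hidden = bool(self.stack) and self.stack[-1]
        for ch in data:
            if ch in ZERO_WIDTH:
                self.zero_width[ZERO_WIDTH[ch]] = self.zero_width.get(ZERO_WIDTH[ch], 0) + 1
            elif not ch.isspace():
                self.hidden_chars += hidden        # text the reader never sees
                self.visible_chars += not hidden   # text the reader does see

def scan_email_html(html):
    s = SaltingScanner()
    s.feed(html)
    s.close()
    total = s.hidden_chars + s.visible_chars
    return {"hiding_styles": sorted(set(s.hiding_styles)), "zero_width": s.zero_width,
            "hidden_ratio": round(s.hidden_chars / total, 2) if total else 0.0}

# Constructed sample: a hidden span with unrelated French words, plus ZWSP/ZWNJ in visible text.
SAMPLE = ('<html><body><p>Your acc<span style="width:0; display:none">bonjour merci</span>'
          'ount state\u200bment is rea\u200cdy.</p>'
          '<div style="color:#333; width:100px">View your statement online</div></body></html>')
print(scan_email_html(SAMPLE))
```

A filter would treat these values as signals to weigh alongside others, since legitimate newsletters also use hidden preheader text.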
Email remains one of the top attack vectors, due to its simplicity, its ubiquity and its low cost for a large-scale operation. It also owes its popularity to the fact that it attacks the email security chain at its weakest link: humans.