Home > Savvy News

The ZeroFont Trick: How Hackers Use Sneaky Techniques to Evade Email Security

ZeroFont Phishing: How Hackers Evade Email Security Checks with Invisible Text

In the ever-evolving landscape of cybersecurity, hackers continually seek innovative ways to breach defenses and execute phishing attacks. One such technique that has recently gained notoriety is the “ZeroFont” trick. In this article, we’ll delve into the world of ZeroFont and how cybercriminals employ this method to bypass email security measures, specifically in Microsoft Outlook.

Understanding the ZeroFont Attack

The ZeroFont attack is a clever manipulation of text within emails, designed to deceive both human recipients and email security systems. While the technique itself is not entirely new, its recent resurgence in phishing attacks has raised concerns among cybersecurity experts.

At its core, the ZeroFont technique takes advantage of how email security platforms, particularly those equipped with artificial intelligence (AI) and natural language processing (NLP) systems, analyze text. The hacker’s strategy involves setting the font size of certain words or characters to zero, rendering them invisible to the naked eye. However, crucially, these hidden characters remain legible to NLP algorithms.

The Objective: Bypassing Security Filters

The primary goal of the ZeroFont attack is to outsmart email security filters by introducing concealed, benign terms within the body of an email. These hidden terms are strategically placed to blend seamlessly with potentially suspicious visible content, leading to confusion in the AI’s interpretation of the message. This confusion can result in security checks producing false negatives, allowing phishing emails to slip through undetected.

The ZeroFont technique first came to public attention in 2018 when Avanan, a cybersecurity firm, documented its usage. At that time, Avanan issued a warning that ZeroFont had the capability to bypass Microsoft’s Office 365 Advanced Threat Protection (ATP), even when emails contained known malicious keywords.

A Recent ZeroFont Example

A recent incident analyzed by ISC Sans analyst Jan Kopriva shed light on how threat actors are employing the ZeroFont technique to manipulate email previews in popular clients like Microsoft Outlook. In this particular case, the email’s listing in Outlook displayed one message, while the preview pane showed something entirely different.

For instance, the Outlook listing stated, “Scanned and secured by Isc®Advanced Threat protection (APT): 9/22/2023T6:42 AM.” However, the preview pane revealed, “Job Offer | Employment Opportunity.” The deceptive tactic involved concealing the fabricated security scan message at the beginning of the email using ZeroFont. Although invisible to the recipient, Outlook still captured this text and displayed it as a preview in the email listing pane.

Creating a False Sense of Legitimacy

The objective behind this deceptive maneuver is clear: to create a false sense of legitimacy and security for the email recipient. By presenting a fictitious security scan message, cybercriminals increase the likelihood of the target opening the email and engaging with its content, potentially falling victim to the phishing attempt.

It’s important to note that while this incident occurred on Outlook, other email clients may also retrieve the initial portion of an email for preview without verifying the font size. Thus, user vigilance remains essential across various email platforms to counter such tactics effectively.

In conclusion, the ZeroFont trick represents a crafty evolution in the world of phishing attacks. As cybercriminals continually adapt and refine their methods, it is crucial for users and organizations to stay informed and vigilant. By understanding these tactics, we can better protect ourselves against the ever-present threat of phishing attacks and bolster our email security defenses.

We provide solutions for growth

Migration & Discovery Sessions Are Free

108 SEO Checklist

304 Ecommerce SEO Checklist

share this article :
Select your currency


108 SEO Checklist

With actionable tips and resources for the Savvy DIY Business.

We don’t spam! Read our privacy policy for more info.