Security researchers are warning of a simple technique that cybercriminals and email scammers are using in the wild to bypass most AI-powered phishing detection mechanisms used by widely used email services and web security scanners.
Dubbed ZeroFont, the technique involves inserting hidden words with a font size of zero inside the actual content of a phishing email, keeping its visual appearance the same while making it look non-malicious to email security scanners.
According to cloud security company Avanan, Microsoft Office 365 also fails to detect emails crafted with the ZeroFont technique as malicious.
Like Microsoft Office 365, many email and web security services use natural language processing and other artificial intelligence-based machine learning techniques to identify malicious or phishing emails more quickly.
The technology helps security firms analyze, understand and derive meaning from unstructured text embedded in an email or web page by identifying text-based indicators, such as email scams mimicking a popular company, phrases used to request payments or password resets, and more.
However, by adding random zero font-size characters between the indicator texts present in a phishing email, cybercriminals can turn these indicators into unstructured garbage text, hiding them from the natural language processing engine.
Therefore, the email looks normal to the human eye, but Microsoft reads the complete garbage text, even though some words are displayed with a font size of "0."
"Microsoft cannot identify this as a spoofing email because it cannot see the word 'Microsoft' in the un-emulated version," reads Avanan's blog post. "Essentially, the ZeroFont attack makes it possible to display one message to the anti-phishing filters and another to the end user."
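The mismatch Avanan describes is easy to check for on the receiving side: extract the text of an HTML email twice, once as a naive scanner reads it (every text node) and once as a renderer shows it (skipping anything styled with a zero font size), and compare the two. The following is an added example written for this article, not Avanan's or Microsoft's code; it uses only the Python standard library, and the sample email body and the indicator word list ("microsoft", "password") are constructed for the demonstration.

```python
import re
from html.parser import HTMLParser

# Matches a CSS font-size of zero (0, 0px, 0pt, 0em, ...) inside a style attribute.
# The trailing ";", "!" or end-of-string keeps "font-size: 0.5em" from matching.
ZERO_FONT = re.compile(
    r"font-size\s*:\s*0(?:\.0+)?\s*(?:px|pt|em|rem|%)?\s*(?:;|!|$)", re.I)

# Elements that never get a closing tag; they must not be pushed on the stack.
VOID_TAGS = {"br", "img", "hr", "input", "meta", "link", "wbr"}


class ZeroFontExtractor(HTMLParser):
    """Collect the text of an HTML body twice: as a renderer shows it and as a
    scanner that ignores styling would read it."""

    def __init__(self):
        super().__init__()
        self.stack = []        # (tag, hidden) for every open element
        self.rendered = []     # text a human actually sees
        self.raw = []          # every text node, zero-font ones included
        self.hidden_chars = 0  # how many characters were hidden by zero font

    @staticmethod
    def _is_zero_font(attrs):
        style = dict(attrs).get("style") or ""
        return bool(ZERO_FONT.search(style))

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            return
        self.stack.append((tag, self._is_zero_font(attrs)))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerate sloppy, unclosed markup.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

    def handle_data(self, data):
        self.raw.append(data)
        if any(hidden for _, hidden in self.stack):
            self.hidden_chars += len(data)   # inside a zero-font element
        else:
            self.rendered.append(data)


def _normalize(parts):
    return re.sub(r"\s+", " ", "".join(parts)).strip()


def analyze(html, indicators=("microsoft", "password")):
    """Return both views of the text plus the indicators that are visible to a
    human but absent from the raw text a styling-blind scanner would see."""
    parser = ZeroFontExtractor()
    parser.feed(html)
    parser.close()
    rendered = _normalize(parser.rendered)
    raw = _normalize(parser.raw)
    masked = [w for w in indicators
              if w in rendered.lower() and w not in raw.lower()]
    return {
        "rendered": rendered,
        "raw": raw,
        "hidden_chars": parser.hidden_chars,
        "masked_indicators": masked,
        # Legitimate mail essentially never carries zero-font text, so any
        # hidden characters are worth a closer look on their own.
        "suspicious": parser.hidden_chars > 0,
    }


# Constructed sample: the brand name and the word "password" are split by
# zero-font junk, in the style of the attack described above.
SAMPLE = (
    '<p>Dear customer, your <span style="FONT-SIZE: 0px">xq</span>Micro'
    '<span style="font-size:0">zz</span>soft account needs a pass'
    '<span style="font-size: 0pt">kk</span>word reset.</p>'
)

if __name__ == "__main__":
    for key, value in analyze(SAMPLE).items():
        print(f"{key}: {value}")
```

Running it on the sample shows the rendered text reads "your Microsoft account needs a password reset" while the raw text reads "xqMicrozzsoft ... passkkword", with both indicators listed as masked. A scanner that feeds its language model only the raw text would miss the brand name; one that also computes the rendered view, or simply flags any non-zero `hidden_chars`, does not.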
Besides the ZeroFont technique, Avanan also detected hackers using other similar tricks involving Punycode, Unicode, or hexadecimal escape characters in their phishing attacks.
Last month, researchers from the same company reported that cybercriminals had been splitting the malicious URL in a way that the Safe Links security feature in Office 365 fails to identify and replace the partial link, eventually redirecting victims to the phishing website.