Email Phishers Using A Simple Way to Bypass MS Office 365 Protection

By cyberonesol

Security researchers have been warning about a simple technique that cyber criminals and email scammers are using in the wild to bypass most AI-powered phishing detection mechanisms implemented by widely used email services and web security scanners.

Dubbed ZeroFont, the technique involves inserting hidden words with a font size of zero within the actual content of a phishing email, keeping its visual appearance the same while making it look non-malicious to email security scanners.

According to cloud security company Avanan, Microsoft Office 365 also fails to detect emails crafted using the ZeroFont technique as malicious.

Like Microsoft Office 365, many email and web security services use natural language processing and other artificial intelligence-based machine learning techniques to identify malicious or phishing emails faster.

The technology helps security companies analyze, understand and derive meaning from unstructured text embedded in an email or web page by identifying text-based indicators, such as email scams mimicking a popular company, phrases used to request payments or password resets, and more.

However, by adding random zero font-size characters between the indicator texts present in a phishing email, cybercriminals can transform these indicators into unstructured garbage text, hiding them from the natural language processing engine.

Therefore, the email looks normal to the human eye, but Microsoft reads the entire garbage text, even if some words are displayed with a font size of “0.”

“Microsoft can not identify this as a spoofing email because it cannot see the word ‘Microsoft’ in the un-emulated version,” reads Avanan’s blog post. “Essentially, the ZeroFont attack makes it possible to display one message to the anti-phishing filters and another to the end user.”
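The gap between what a filter reads and what a reader sees can be measured on the defender's side. The following is an added example, not code from Avanan or Microsoft: it parses an HTML body with Python's standard library, drops text nested inside inline `font-size: 0` elements, and reports indicator words that appear only in the rendered view. The keyword list, the sample body and the function names are assumptions made for illustration, and only inline styles are checked (not CSS classes or `<style>` blocks).

```python
import re
from html.parser import HTMLParser

# Inline style that sets font-size to zero (0, 0px, 0pt, 0.0em, ...).
ZERO_FONT = re.compile(r"font-size\s*:\s*0+(\.0+)?\s*(px|pt|em|rem|%)?\s*(;|!|$)", re.I)
VOID_TAGS = {"br", "img", "hr", "meta", "input", "link", "wbr"}

class RenderedText(HTMLParser):
    """Collects every text node, and separately only the ones a reader sees."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack = []    # one flag per open element: does it hide its text?
        self.raw = []      # all text, as a scanner reading the markup gets it
        self.visible = []  # text outside any zero-size element

    def handle_starttag(self, tag, attrs):
        if tag not in VOID_TAGS:
            style = dict(attrs).get("style") or ""
            self.stack.append(bool(ZERO_FONT.search(style)))

    def handle_endtag(self, tag):
        if tag not in VOID_TAGS and self.stack:
            self.stack.pop()

    def handle_data(self, data):
        self.raw.append(data)
        if not any(self.stack):
            self.visible.append(data)

def analyze(html_body, keywords=("microsoft", "password")):
    """Compare scanner view with reader view; keywords are a hypothetical watch list."""
    parser = RenderedText()
    parser.feed(html_body)
    parser.close()
    raw, visible = "".join(parser.raw), "".join(parser.visible)
    # Indicators that exist only once the zero-size text is removed.
    revealed = [k for k in keywords if k in visible.lower() and k not in raw.lower()]
    ratio = (len(raw) - len(visible)) / len(raw) if raw else 0.0
    return {"raw": raw, "visible": visible, "hidden_ratio": ratio, "revealed": revealed}

# Constructed sample body, not taken from a real message.
SAMPLE = ('<p>Your <span style="font-size:0">qz</span>Micro'
          '<span style="FONT-SIZE: 0px">xk7</span>soft account pass'
          '<span style="font-size:0">lorem</span>word has expired.</p>')

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

A non-empty `revealed` list or a non-zero `hidden_ratio` is a signal worth scoring on its own, and running the text classifier on `visible` instead of `raw` restores the indicators the hidden characters were meant to break up.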

Besides the ZeroFont technique, Avanan also detected hackers using other similar tricks that involve Punycode, Unicode, or Hexadecimal Escape Characters in their phishing attacks.

Last month, researchers from the same company reported that cybercriminals had been splitting up the malicious URL in a way that the Safe Links security feature in Office 365 fails to identify and replace the partial hyperlink, eventually redirecting victims to the phishing site.

About the author

cyberonesol administrator

Cyber One Solutions is a Managed Security and IT Services Provider headquartered in Houston, Texas. Since our inception, Cyber One Solutions has helped businesses of all sizes turn their IT into an unfair competitive advantage. We've been helping companies and organizations alike tackle their complex IT challenges through our unique approach to comprehensive technology management and consultancy services, as well as a commitment to excellence in customer service. We are one of the nation's leading Managed Service Providers with a deep bench of certified technical engineers and IT support staff ready to provide technology management and consultancy services to help businesses continue to grow and thrive.
