- Security researchers warn about “hidden text salting” in emails
- Hackers can hide parts of the text to confuse email scanners
- The hidden text helps emails pass the scan and land in the inbox
Hackers are increasingly using “hidden text salting”, or “poisoning”, techniques to work around email security measures and get phishing messages to land in people’s inboxes.
A new in-depth guide published by Cisco Talos cybersecurity researchers describes how cybercriminals are abusing HTML and CSS properties in email messages, setting the width of some elements to 0 and using the “display: hidden” property to hide content from victims. They are also inserting zero-width space (ZWSP) and zero-width non-joiner (ZWNJ) characters and, finally, hiding the true email content by embedding irrelevant language.
As a result, email security solutions, spam filters and brand extractors are confused, and emails that would otherwise end up in the spam folder make it straight to the inbox.
Advanced filtering
In its article, Cisco Talos gave multiple examples, including one in which the attackers hid French words in the body of the email. This confused Microsoft’s Exchange Online Protection (EOP) spam filter, which ultimately allowed the message to pass.
In another example, Cisco Talos said that the threat actors were using CSS and ZWSP characters to hide email content, successfully impersonating Wells Fargo and Norton LifeLock.
To address this strategy, the researchers suggested that IT teams adopt advanced filtering techniques that scan the structure of HTML emails, instead of only their contents. An email security solution could, therefore, look for extreme use of inline styles or CSS properties such as “visibility: hidden”. Implementing AI-powered defenses is also recommended.
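One way to implement the structural check the researchers suggest, as an added example (not code from Cisco Talos or the original article): it flags inline styles that hide elements, counts ZWSP/ZWNJ characters, and returns the text with the salt stripped for downstream keyword and brand filters. The class and function names, the style pattern list (which also accepts the valid CSS value `display: none`) and the sample message are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
# Zero-width characters named in the article: ZWSP (U+200B) and ZWNJ (U+200C).
ZERO_WIDTH = re.compile("[\u200b\u200c]")
# Inline-style patterns that hide content (assumed list; tune for your mail flow).
HIDING_STYLE = re.compile(
    r"(?:display\s*:\s*(?:none|hidden)|visibility\s*:\s*hidden"
    r"|(?:^|;)\s*(?:max-)?width\s*:\s*0(?:px|em|%)?\s*(?:;|$))", re.I)
VOID_TAGS = {"br", "img", "hr", "meta", "input", "link", "wbr"}

class SaltScanner(HTMLParser):
    """Separates text a reader sees from text hidden by inline CSS."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack = []  # one bool per open element: is it (or a parent) hidden?
        self.visible, self.hidden = [], []
        self.hidden_elements = 0

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            return
        style = dict(attrs).get("style") or ""
        hides = bool(HIDING_STYLE.search(style))
        self.hidden_elements += hides
        self.stack.append(hides or (self.stack[-1] if self.stack else False))

    def handle_endtag(self, tag):
        if tag not in VOID_TAGS and self.stack:
            self.stack.pop()

    def handle_data(self, data):
        (self.hidden if self.stack and self.stack[-1] else self.visible).append(data)

def scan_email_html(html):
    p = SaltScanner()
    p.feed(html)
    p.close()
    visible = "".join(p.visible)
    return {
        "hidden_elements": p.hidden_elements,
        "hidden_text": " ".join(" ".join(p.hidden).split()),
        "zero_width_chars": len(ZERO_WIDTH.findall(visible)),
        "normalized_text": " ".join(ZERO_WIDTH.sub("", visible).split()),
    }

# Constructed sample, not taken from the Talos report.
SAMPLE = ('<p>W\u200bel\u200cls F\u200bargo account notice'
          '<span style="display:none">bonjour le monde</span></p>'
          '<div style="width:0;overflow:hidden">merci beaucoup</div>')
```

The scanner assumes reasonably well-formed markup and inspects only inline `style` attributes; hiding done through `<style>` blocks or class rules would need a CSS-aware pass.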
Email remains one of the main attack vectors, due to its simplicity, ubiquity and low cost for large-scale operation. It also owes its popularity to the fact that it attacks the email security chain at its weakest link: the human.