- Cisco Talos says that hackers are abusing CSS in emails
- The style sheet language is used to hide content, track people's behavior and more
- Researchers suggest that IT teams adopt advanced filtering techniques
Cybercriminals are using CSS in emails to track their victims, learn more about them and redirect them to phishing pages, experts warned.
Cisco Talos cybersecurity researchers described how CSS (Cascading Style Sheets) is used in emails to control the layout, design and formatting of the email content. Companies use it not only to make emails look better, but also to keep the design consistent across different email clients. There is nothing inherently malicious about CSS, but, as is the case with many other legitimate tools, attackers are abusing it.
“The features available in CSS allow attackers and spammers to track the actions and preferences of users, despite the fact that several features related to dynamic content (for example, JavaScript) are restricted in email clients compared to web browsers,” said a Cisco Talos researcher in a report.
Advanced filtering techniques
Through CSS, cybercriminals can hide content in plain sight, thus evading email security solutions. They can also use it to redirect people to phishing pages, he said. CSS can also be used to monitor user behavior, which in turn can lead to phishing attacks or fingerprinting.
“This abuse can range from identifying recipients' font and color scheme preferences and client language to tracking their actions (for example, viewing or printing emails),” they said. “CSS provides a wide range of rules and properties that can help spammers and threat actors fingerprint users, their email or email client, and their system. For example, the media at-rule can detect certain attributes of a user's environment, including screen size, resolution and color depth.”
Cisco Talos said that the new campaign is based on “hidden text salting”, which they discovered at the end of January 2025.
To address this threat, the researchers suggested that IT teams adopt advanced filtering techniques that scan the structure of HTML emails, instead of only their contents. An email security solution could, therefore, look for extreme use of inline styles or CSS properties such as “visibility: hidden”. Deploying AI-powered defenses is also recommended.
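One way to implement the structural scan described above (an added example, not code from Cisco Talos or this article): it parses an HTML body and reports text inside elements hidden by inline CSS, the share of elements carrying inline styles, and `url()` fetches gated by `@media`. The names `CssAudit` and `audit`, the 0.5 threshold and every hiding pattern other than `visibility: hidden` are assumptions.

```python
import re
from html.parser import HTMLParser

# "visibility: hidden" is from the article; the rest are assumed additions.
HIDING = re.compile(r"visibility\s*:\s*hidden|display\s*:\s*none|"
                    r"(?:font-size|opacity)\s*:\s*0(?![.\d])", re.I)
# Heuristic: a url() inside @media loads only when the query matches.
MEDIA_URL = re.compile(r"@media[^{]*\{[^@]*?url\(", re.I | re.S)
VOID = {"br", "img", "hr", "meta", "link", "input", "wbr"}

class CssAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack, self.tags, self.styled = [], 0, 0  # stack: hidden flags
        self.hidden_text, self.in_style, self.cond_fetch = [], False, False

    def handle_starttag(self, tag, attrs):
        style = dict(attrs).get("style") or ""
        self.tags += 1
        self.styled += bool(style)
        self.in_style = self.in_style or tag == "style"
        if tag not in VOID:              # hidden state is inherited
            inherited = bool(self.stack) and self.stack[-1]
            self.stack.append(inherited or bool(HIDING.search(style)))

    def handle_endtag(self, tag):
        self.in_style = self.in_style and tag != "style"
        if tag not in VOID and self.stack:
            self.stack.pop()

    def handle_data(self, data):
        if self.in_style:
            self.cond_fetch |= bool(MEDIA_URL.search(data))
        elif self.stack and self.stack[-1] and data.strip():
            self.hidden_text.append(data.strip())

def audit(html, max_inline_ratio=0.5):   # threshold is an assumed value
    p = CssAudit()
    p.feed(html)
    p.close()
    ratio = round(p.styled / p.tags, 2) if p.tags else 0.0
    return {"hidden_text": p.hidden_text, "inline_style_ratio": ratio,
            "excessive_inline": ratio > max_inline_ratio,
            "conditional_fetch": p.cond_fetch}

# Constructed sample body (not taken from a real campaign).
SAMPLE = ("<style>@media print { #t { background: url('https://tracker.example/p') } }"
          "</style><p style='color:#222'>Your in<span style='visibility: hidden'>qzx"
          "</span>voice is ready.</p><div style='display:none'>lorem <b>filler</b></div>")
```

Calling `audit(SAMPLE)` returns the hidden fragments that a content-only filter would either miss or read as part of the visible text, along with the two structural signals.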
Via The Hacker News