“The tactic, which we are calling ZeroFont, involves inserting hidden words with a font size of zero that are invisible to the recipient in order to fool Microsoft’s natural language processing,” reads the analysis published by Avanan. “Recently, we have been seeing a number of phishing attacks using a simple strategy to get their blatant email spoofs past Microsoft’s phishing scans.”
The researchers at Avanan recently discovered phishing campaigns using emails in which part of the content is set to be displayed in a zero-size font; for this reason, they dubbed the technique ZeroFont. One of the detection mechanisms Microsoft implements in Office 365 uses natural language processing to identify email content associated with malicious campaigns.

For example, an email that includes the words “Apple” or “Microsoft” but is not sent from a legitimate domain, or a message referencing user accounts, password resets or financial requests, is flagged as malicious.
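As an added example (not Avanan's or Microsoft's code), the following Python check parses an HTML mail body, separates the text rendered at font-size zero from the text the recipient actually sees, and scores the hidden share, so a classifier can run on the visible text only and flag bodies that carry hidden content. The `ZERO_SIZE` pattern, the `VOID_TAGS` set and the sample message are constructed for this illustration.

```python
import re
from html.parser import HTMLParser

# font-size of exactly zero in any unit (0, 0px, 0pt, 0em, 0%); larger sizes do not match.
ZERO_SIZE = re.compile(r"font-size\s*:\s*0(?:\.0+)?\s*(?:px|pt|em|rem|%)?\s*(?:;|$)", re.I)
# Elements that never get a closing tag, so they must not touch the nesting stack.
VOID_TAGS = {"br", "img", "hr", "input", "meta", "link", "area", "base", "col", "wbr"}

class ZeroFontParser(HTMLParser):
    """Split an HTML body into the text a recipient sees and zero-font text."""

    def __init__(self):
        super().__init__()
        self._stack = []  # one bool per open element: True if styled font-size:0
        self.visible, self.hidden = [], []

    def handle_starttag(self, tag, attrs):
        if tag not in VOID_TAGS:
            style = dict(attrs).get("style") or ""
            self._stack.append(bool(ZERO_SIZE.search(style)))

    def handle_endtag(self, tag):
        if tag not in VOID_TAGS and self._stack:
            self._stack.pop()

    def handle_data(self, data):
        # Text inherits zero size from any enclosing element styled font-size:0.
        (self.hidden if any(self._stack) else self.visible).append(data)

def split_zero_font(html):
    """Return (visible_text, hidden_text), each whitespace-normalised."""
    p = ZeroFontParser()
    p.feed(html)
    p.close()
    norm = lambda parts: " ".join("".join(parts).split())
    return norm(p.visible), norm(p.hidden)

def zero_font_score(html):
    """Fraction of the body's characters hidden by zero-size fonts (0.0 = none)."""
    visible, hidden = split_zero_font(html)
    total = len(visible) + len(hidden)
    return len(hidden) / total if total else 0.0

# Constructed sample, not a real campaign message: the brand name is split by
# zero-font junk and a whole hidden paragraph is added to confuse a text classifier.
SAMPLE_EMAIL = """<html><body>
<p>Your <span style="font-size:0">Xn</span>Micr<span style="font-size:0px;">zz</span>osoft
account needs verification.</p>
<p style="font-size: 0pt">This paragraph is invisible to the recipient.</p>
<p>Regards</p></body></html>"""
```

Feeding the raw body to a text classifier would see the junk-split brand name and the hidden paragraph; classifying `split_zero_font(body)[0]` instead sees the same text the recipient does, and a non-zero `zero_font_score` is itself a useful signal.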