Saturday, December 9, 2023

ZeroFont Phishing: Hackers Manipulating Font Size to Bypass Office 365 Security

A new but ancient technique for Phishing emails has been recently identified called ZeroFont Phishing. Threat actors have followed several tactics for sending phishing emails, bypassing all the security mechanisms.

However, using this technique, threat actors could bypass Microsoft’s Natural Language Processing, which was acting as a Phishing email protection for Office users. 


Deploy Advanced AI-Powered Email Security Solution

Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware

Office 365 – Natural Language Processing

Microsoft has been working towards their way of securing its customers in all aspects. One of the major areas they focus on is phishing (Business Email Compromise) attacks, which have been the most used technique by threat actors for infiltrating organizations.

To prevent these phishing emails, Microsoft has been relying on Natural Language Processing, which scans the contents of an email for signs of impersonation or fraud. If an email content includes text like “© 2018 Microsoft Corporation. All rights reserved” and the email is not from, Microsoft immediately flags this email as fraudulent.

This technique was also used to interpret email contents like banking information, user accounts, password resets, and financial requests and are checked for authenticity. However, threat actors bypassed this technique using the ZeroFont Phishing attack.

ZeroFont Phishing

The threat actor sends an email to the victim impersonating an Office 365 quota limit notification, which looks like an administrative service email. However, this phishing email bypassed the protection due to the use of the ZeroFont attack.

ZeroFont Phishing attack (Source: AVANAN)

Threat actors inserted random text inside the email, which had <span style=”FONT-SIZE: 0px”> for a zero font size, and broke up the text strings to bypass Microsoft’s natural language processing. 

Source: Avanan

A complete report has been published by Avanan, which provides detailed information about this attack and bypass scenarios used by threat actors. 

Protect yourself from vulnerabilities using Patch Manager Plus to quickly patch over 850 third-party applications. Take advantage of the free trial to ensure 100% security.


Latest articles

WordPress POP Chain Flaw Exposes Over 800M+ Websites to Attack

A critical remote code execution vulnerability has been patched as part of the Wordpress...

Russian Star Blizzard New Evasion Techniques to Hijack Email Accounts

Hackers target email accounts because they contain valuable personal and financial information. Successful email...

Exploitation Methods Used by PlugX Malware Revealed by Splunk Research

PlugX malware is sophisticated in evasion, as it uses the following techniques to avoid...

TA422 Hackers Attack Organizations Using Outlook & WinRAR Vulnerabilities

Hackers exploit Outlook and WinRAR vulnerabilities because these widely used software programs are lucrative...

Bluetooth keystroke-injection Flaw: A Threat to Apple, Linux & Android Devices

An unauthenticated Bluetooth keystroke-injection vulnerability that affects Android, macOS, and iOS devices has been...

Atlassian Patches RCE Flaw that Affected Multiple Products

Atlassian has been discovered with four new vulnerabilities associated with Remote Code Execution in...

Reflectiz Introduces AI-powered Insights on Top of Its Smart Alerting System

Reflectiz, a cybersecurity company specializing in continuous web threat management, proudly introduces a new...
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Endpoint Strategies for 2024 and beyond

Converge and Defend

What's the pulse of Unified Endpoint Management and Security (UEMS) in Europe? Join us live to uncover the strategies that are defining endpoint security in the region.

Related Articles