ZeroFont Phishing Technique – Simple yet effective

December 11, 2019
zerofont phishing technique office365

Cyber criminals area at it again. And this time, they are after familiar territory – using ZeroFont on Microsoft Office 365.

Ever since the developments in security for messaging systems, security experts have already given us due notice regarding the possible threats of bogus or fraudulent emails.

This will be an ever-growing hazard since in this digital age, almost everyone on the planet is actively using emails to communicate and as a means of information exchange.

In order for email clients to identify malicious contents, they use natural language administration and processing to identify text characters used in fraudulent email messages. And just like Office 365 – language processing and other AI-based machine learning methods help to pinpoint phishing emails faster.

These technologies give security companies the power to understand and carefully analyze unidentified and embedded messages like phishing scams, mimic phrases, and automated requests for credentials, account resets, including online payments.

Unfortunately, the hackers, the creative criminals they are, used a rather simple method of infiltrating that security. Called the ZeroFont, a technique that involves injecting masked or concealed words with a font size of zero (“0”) from within the actual content of the phishing emails. This method intelligently keeps the message’s visual appearance the same and at the same time, making it look safe and legitimate in the eyes of secure email scanners.

Researchers from Avanan, a cloud security company based in New York, Office 365 has one of the most advanced security protocols available and yet they fail to detect such phishing emails as carefully made and using the ZeroFont method.

Just last month, numerous attacks from cybercriminals have been identified and documented – all of them cracking fraudulent URLs in order to circumvent the safety features of several email clients, including Office 365.

Avanan says the reason why ZeroFont is so effective is because of Microsoft’s dependency on language processing techniques to scan emails. Cybercriminals takes advantage of this loophole by injecting huge amounts of concealed zero-width texts within the email body, hidden in the language processing engine, thus making it entirely invisible to the human eye.

Luckily for Microsoft, there are several tricks that Avanan was able to use that helped in detecting these activities – Unicode, Hexa Escape Characters and Punycode. Let’s just hope that this breakthrough gives them the opportunity to get their heads in the game and better develop their security.

About the author

Leave a Reply