Cyber-criminals are currently using a trick that allows them to bypass Microsoft’s security filters and deliver spam and phishing emails to Office 365 email accounts.
Called ZeroFont, the technique is not new; it has been known for decades and relies on interposing zero-width font characters inside normal text.
While a human reader will not see the zero-width characters, the entire text, including the hidden characters, will be visible to email security software.
The goal is to trick the email security system into thinking this is a giant block of rambling text, but show human recipients the “lure” of the phishing emails.
The technique has been known and used for years, and most email security systems will usually mark emails as suspicious if they contain text with zero-width settings.
But according to Avanan, a company specialized in cloud security, Microsoft’s Office 365 platform does not mark these emails as malicious.
Avanan says ZeroFont is effective mainly because of Microsoft’s reliance on natural language processing to scan emails and determine whether a message’s content contains text-based indicators often found in phishing or fraud emails, such as requests for payments, various keywords, and more.
By inserting large quantities of hidden zero-width text inside an email’s body, crooks are hiding these indicators from the Office 365 natural language processing engine, effectively drowning their “lure” in a sea of random words, which are invisible to the human eye, but not to Microsoft’s system.
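The mismatch described above is also the defender's handle on it: if a filter extracts the text a human would actually see and compares it with the text the parser sees, the hidden filler stands out. The following scanner is an added example, not code from Avanan or Microsoft; it assumes the hidden words are carried in elements styled with an inline font-size of 0 (the usual ZeroFont implementation) and uses a constructed sample message.

```python
import re
from html.parser import HTMLParser

# Inline style declaring a zero font size: "font-size:0", "font-size: 0px", "font-size:0.0em" ...
ZERO_FONT_RE = re.compile(r"font-size\s*:\s*0+(?:\.0+)?\s*(?:px|pt|em|rem|%)?\s*(?:;|$)", re.I)


class ZeroFontScanner(HTMLParser):
    """Split an HTML body into text the recipient sees and text hidden at font-size 0."""

    def __init__(self):
        super().__init__()
        self.stack = []                    # (tag, hidden?) for each open element
        self.visible, self.hidden = [], []

    def handle_starttag(self, tag, attrs):
        style = dict(attrs).get("style") or ""
        inherited = self.stack[-1][1] if self.stack else False
        # A zero-size element is hidden, and so is everything nested inside it.
        self.stack.append((tag, inherited or bool(ZERO_FONT_RE.search(style))))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag so unclosed void tags (<br>) do not skew the stack.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

    def handle_data(self, data):
        hidden = self.stack[-1][1] if self.stack else False
        (self.hidden if hidden else self.visible).append(data)


def scan_zerofont(html):
    # Returns what a recipient sees, what only a parser sees, and a simple verdict.
    p = ZeroFontScanner()
    p.feed(html)
    p.close()
    visible = " ".join(" ".join(p.visible).split())
    hidden = " ".join(" ".join(p.hidden).split())
    total = len(visible) + len(hidden)
    return {
        "visible_text": visible,
        "hidden_text": hidden,
        "hidden_ratio": len(hidden) / total if total else 0.0,
        "suspicious": len(hidden) > 0,  # any zero-size text deserves a closer look
    }


SAMPLE_EMAIL = (  # constructed sample: hidden filler words between the words a reader sees
    '<p>Your <span style="font-size:0">quarterly lorem</span>account <span style="font-size: 0px;'
    ' color:#fff">ipsum <b>dolor</b> sit</span>needs verification <br>today</p>'
)
```

Feeding `visible_text` rather than the raw body to the NLP stage restores the indicators the filler was meant to bury, and `hidden_ratio` gives a simple score for how much of the message only a machine can read.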
Last month, Avanan researchers also discovered that Office 365 was not detecting links to phishing sites that were split into two parts using the <base> HTML tag.