Avanan says ZeroFont is effective mainly because Microsoft relies on natural language processing to scan emails and determine whether a message’s content contains text-based indicators often found in phishing or fraud emails, such as requests for payments, various keywords, and more.

By inserting large quantities of hidden zero-width text inside an email’s body, crooks are hiding these indicators from the Office 365 natural language processing engine, effectively drowning their “lure” in a sea of random words, which are invisible to the human eye, but not to Microsoft’s system.

Avanan says it detected the ZeroFont technique currently being used in the wild, alongside other tricks that involve Punycode, Unicode, or Hexadecimal Escape Characters.

Last month, Avanan researchers also discovered that Office 365 was not detecting links to phishing sites that were split into two parts using the `<base>` HTML tag.

Source: https://www.bleepingcomputer.com/news/security/zerofont-technique-lets-phishing-emails-bypass-office-365-security-filters/