The One Font BEC campaign targets Microsoft 365 users and uses sophisticated obfuscation tactics to slip past security protections and harvest credentials.
A new business email compromise (BEC) campaign targeting Microsoft 365 users is using a range of sophisticated obfuscation tactics within phishing emails that can fool natural language processing filters and are undetectable to end users.
Researchers at Avanan, a Check Point company, first discovered the campaign – dubbed One Font because it hides text in a one-point font size within messages – in September.
Attackers are also hiding links within the cascading style sheets (CSS) of their phishing emails, another tactic that confuses natural language filters such as Microsoft’s Natural Language Processing (NLP), researchers said in a report posted online Thursday.
The One Font campaign also includes messages with links coded within the <font> tag, which – in combination with the other obfuscation techniques – also destroys the effectiveness of email filters that depend on natural language for their analysis, according to Jeremy Fuchs, a cybersecurity researcher at Avanan.
“This breaks semantic analysis, which leads many
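The obfuscation described above works because a filter that reads the raw HTML sees filler text and URLs that the recipient never does, while the visible sentence is chopped into fragments. The following is an added example, not code from Avanan, Check Point or Microsoft: a small normaliser built on Python's standard-library HTMLParser that drops text set below a visibility threshold (an assumed 6pt cut-off, tuneable), resolves simple CSS class rules from a <style> block, and collects every URL whether it sits in an href, a CSS url() rule, any other attribute, or the hidden text itself. The sample message is constructed for the demonstration; the class names, URLs and function names are the example's own.

```python
"""Render an HTML e-mail body the way the recipient sees it, so that an NLP
filter scores the visible sentence and still sees every embedded URL.

Added example for illustration; not code from Avanan, Check Point or
Microsoft. It assumes that text set below MIN_VISIBLE_PT is invisible to a
reader and that URLs may hide in CSS url(...) rules, in any tag's
attributes, or in the hidden text itself.
"""
import re
from html.parser import HTMLParser

MIN_VISIBLE_PT = 6.0  # assumed threshold; tune for the mail client in use
_BLOCK_TAGS = {"p", "div", "br", "tr", "td", "th", "li", "h1", "h2", "h3", "table"}
_URL_RE = re.compile(r"https?://[^\s'\"()<>]+")
_CSS_URL_RE = re.compile(r"url\(\s*['\"]?([^'\")\s]+)")
_FONT_SIZE_RE = re.compile(r"font-size\s*:\s*([\d.]+)\s*(px|pt|em)?", re.I)
_CLASS_RULE_RE = re.compile(r"\.([\w-]+)\s*\{([^}]*)\}")


class MailNormaliser(HTMLParser):
    """Collects the human-visible text, the raw text, and every URL found."""

    def __init__(self):
        super().__init__()
        self._stack = []       # (tag, hides_content) for each open element
        self._in_style = False
        self._class_css = {}   # class name -> declarations seen in <style>
        self._visible = []     # text chunks a reader can actually see
        self._raw = []         # text chunks a naive tag-stripper would see
        self._links = []

    def _hides(self, attrs):
        """True if this element's computed style makes its text invisible."""
        a = dict(attrs)
        classes = (a.get("class") or "").split()
        # class rules first, inline style last, so the inline value wins
        style = "; ".join(self._class_css.get(c, "") for c in classes)
        style += "; " + (a.get("style") or "")
        if "display:none" in style.replace(" ", "").lower():
            return True
        sizes = _FONT_SIZE_RE.findall(style)
        if not sizes:
            return False
        value, unit = sizes[-1]
        pt = float(value)
        unit = (unit or "px").lower()
        if unit == "px":
            pt *= 0.75          # CSS px -> pt
        elif unit == "em":
            pt *= 12.0          # assume a 12pt base font
        return pt < MIN_VISIBLE_PT

    def _note_links(self, text):
        self._links += _CSS_URL_RE.findall(text)
        self._links += _URL_RE.findall(text)

    def handle_starttag(self, tag, attrs):
        self._stack.append((tag, self._hides(attrs)))
        if tag == "style":
            self._in_style = True
        if tag in _BLOCK_TAGS:
            self._visible.append(" ")
        for name, value in attrs:
            if value is None:
                continue
            if name in ("href", "src", "action"):
                self._links.append(value)
            self._note_links(value)  # URLs tucked into style= or any attribute

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False
        if tag in _BLOCK_TAGS:
            self._visible.append(" ")
        while self._stack:           # also discards unclosed void elements
            if self._stack.pop()[0] == tag:
                break

    def handle_data(self, data):
        if self._in_style:
            for name, decl in _CLASS_RULE_RE.findall(data):
                self._class_css[name] = decl
        self._note_links(data)       # a URL in 1pt text is still a URL
        if self._in_style:
            return
        self._raw.append(data)
        if not any(hidden for _, hidden in self._stack):
            self._visible.append(data)

    def result(self):
        squash = lambda parts: " ".join("".join(parts).split())
        return {"visible": squash(self._visible), "naive": squash(self._raw),
                "links": list(dict.fromkeys(self._links))}


def normalise_email(html):
    """Return what the reader sees, what a tag-stripper sees, and all URLs."""
    parser = MailNormaliser()
    parser.feed(html)
    parser.close()
    return parser.result()


# Constructed sample in the One Font style: tiny filler text splits words,
# one URL lives only in the stylesheet, another only in 1pt text.
SAMPLE_EMAIL = """<html><head><style>
.logo { background: url(https://cdn.example.invalid/brand.png) }
.k { font-size: 1px }
</style></head><body>
<p>Your pass<span class="k">qwerty</span>word expires <font style="font-size:1px" color="#ffffff">ignore this</font>today.</p>
<p>Please <a href="https://login.example.invalid/reset">verify</a> your account
<span style="font-size:1pt">https://evil.example.invalid/steal</span> now.</p>
</body></html>"""

if __name__ == "__main__":
    for key, value in normalise_email(SAMPLE_EMAIL).items():
        print(f"{key}: {value}")
```

Feeding the normaliser's "visible" string to the NLP stage instead of the raw text restores the phrase the recipient actually reads ("Your password expires today"), while the "naive" string shows why tag-stripping alone fails: the filler lands inside words ("passqwertyword", "thistoday"). The link list is what a URL-reputation check should consume, since the stylesheet and hidden-span URLs never appear in an href.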