Tiny Font Size Fools Email Filters in BEC Phishing

The One Font BEC campaign targets Microsoft 365 users and uses sophisticated obfuscation tactics to slip past security protections and harvest credentials.

A new business email compromise (BEC) campaign targeting Microsoft 365 users is using a range of sophisticated obfuscation tactics within phishing emails that can fool natural language processing filters and are undetectable to end users.

Researchers at Avanan, a Check Point company, first discovered the campaign – dubbed One Font because of the way it hides text in a one-point font size within messages – in September.

Attackers are also hiding links within the cascading style sheets (CSS) in their phishing emails, another tactic that serves to confuse natural language filters like Microsoft’s Natural Language Processing (NLP), researchers said in a report posted online Thursday.

The One Font campaign also includes messages with links coded within the <font> tag, which – in combination with the other obfuscation techniques – also destroy the effectiveness of email filters that depend on natural language for their analysis, according to Jeremy Fuchs, a cybersecurity researcher at Avanan.
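
A defender-side check for the hidden-text tactic described above, as an added example that is not from the Avanan report or the original article: it splits an HTML email body into the text a reader can see and the text styled at one point/pixel or smaller, which is what a filter would otherwise read as part of the message. The 1.0 threshold, the handling of inline `style` declarations only, and the sample message are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Inline font-size in px/pt (or unitless 0); em/% sizes are not evaluated here.
FONT_SIZE = re.compile(
    r"font-size\s*:\s*([0-9]*\.?[0-9]+)\s*(?:px|pt)?\s*(?:;|!|$)", re.I)
VOID_TAGS = {"br", "img", "hr", "meta", "link", "input", "wbr"}

# Constructed sample message body (not taken from the campaign).
SAMPLE = (
    '<p>Your password expires today. '
    '<span style="font-size:1px">quarterly newsletter recipes weather</span>'
    '<a href="https://example.invalid/login">Keep same password</a></p>'
)

class TinyFontScanner(HTMLParser):
    """Separates reader-visible text from text styled at or below max_size."""

    def __init__(self, max_size=1.0):
        super().__init__(convert_charrefs=True)
        self.max_size = max_size
        self.stack = []                     # (tag, is_tiny) per open element
        self.visible, self.hidden = [], []

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:                # void elements never hold text
            return
        inherited = self.stack[-1][1] if self.stack else False
        m = FONT_SIZE.search(dict(attrs).get("style") or "")
        tiny = float(m.group(1)) <= self.max_size if m else inherited
        self.stack.append((tag, tiny))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerate unbalanced markup.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

    def handle_data(self, data):
        if data.strip():
            tiny = self.stack[-1][1] if self.stack else False
            (self.hidden if tiny else self.visible).append(data.strip())

def scan(html, max_size=1.0):
    """Return (visible_text, hidden_text) for an HTML email body."""
    s = TinyFontScanner(max_size)
    s.feed(html)
    s.close()
    return " ".join(s.visible), " ".join(s.hidden)
```

A non-empty second value is a signal worth flagging on its own, and content analysis can be run on the first value so it scores what the recipient actually reads.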

“This breaks semantic analysis, which leads many

Read More: https://threatpost.com/tiny-font-size-email-filters-bec-phishing/176198/