Search This Blog

Powered by Blogger.

Blog Archive

Labels

Threat Actors Use Tiny Font Size to Bypass Email Filters in BEC Phishing Campaign

The phishing campaign is targeting Microsoft 365 users.

 

A new Business Email Compromise (BEC) campaign targeting Microsoft 365 users employs an array of innovative sophisticated tactics in phishing emails to avoid security protections. 

Researchers at email security firm Avanan first discovered the campaign in September that can fool natural language processing filters through hiding text in a one-point font size within mails. Attackers are also concealing links within the Cascading Style Sheets (CSS) in their phishing emails. This is one more tactic that serves to confuse pure language filters like Microsoft’s Normal Language Processing (NLP), researchers stated in a report. 

According to cybersecurity expert Jeremy Fuchs, the One Font campaign also includes messages with links coded within the font> tag, which destroys the potency of email filters that rely on natural language for analysis.

 “This breaks semantic analysis, which leads many solutions to treat it as a marketing email, as opposed to phishing. Natural language filters see random text; human readers see what the attackers want them to see,” Fuchs explained.

In 2018, researchers uncovered an identical campaign called ZeroFont, which employed similar strategies to move past Microsoft NLP in its Office 365 security protections. That campaign inserted concealed text with the font dimension of zero inside messages to fool email scanners that rely on natural language processing in order to spot malicious e-mails. 

According to Avanan analysts, just like ZeroFont, One Font also targets Office 365 enterprises, an action that can lead to BEC, and finally compromise the firm’s network if the emails aren’t flagged and users are duped into handing over their credentials. 

The moment it reaches mailboxes and makes users believe that is an authentic message, the One Font campaign employs standard phishing social-engineering techniques to capture their attention. Then, the threat actors present what appears to be a password-expiration notification, using urgent messaging to entice the target to click on a malicious link.

The fraudulent link carries victims to a phishing page where they appear to be entering their credentials in order to update their passwords. Instead, threat actors steal their credentials to use them for malicious purposes. 

How to minimize threats? 

According to Jeremy Fuchs, organizations should opt for a multi-tiered security solution that integrates highly developed artificial intelligence and machine learning, as well as static layers like domain and sender reputation. 

Implementing a security architecture that focuses on multiple factors to restrict an email and needing corporate users to verify with an IT department before interacting with any email that requests a password update can also help in mitigating risks.
Share it:

Cyber Security

Email Account Compromise

Malicious Emails

Phishing Campaign