Hackers are using the dreaded "zero font" tactic in phishing emails, instilling a false sense of legitimacy in otherwise malicious messages, researchers say.
As the name suggests, zero font is a tactic in which attackers set a font size of 0, making the text invisible to the human eye. At the same time, software, and more importantly antivirus and email security software, can still read it. Threat actors leverage this fact to confuse email security solutions and have otherwise malicious emails land in the inbox instead of the spam folder.
In this particular instance, however, the goal is not just to confuse software but to confuse the reader as well. That is according to SANS ISC analyst Jan Kopriva, who has seen a sample of such a malicious email. When a victim receives a message in the Outlook client, there are three ways to read it: the list of emails, usually positioned on the left; the preview pane, usually visible on the right; and a separate window, opened by double-clicking the message in the email list.
By using zero font, attackers can type text that will show up in the email list but not in the email body itself. In this instance, they used "Scanned and secured by Isc®Advanced Threat protection (APT)", trying to make the recipient think the email had been scanned by an endpoint security solution and deemed clean.
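As an added defender-side illustration (not code from the original article or from Kopriva's writeup), the following Python scanner parses an HTML mail body, separates the text a reader would see from text hidden by an inline font-size of 0, and reports what a message list, which ignores font size, would display. The sample message and the product name in it are constructed, and the scanner assumes inline styles only (stylesheet classes are not resolved).

```python
import re
from html.parser import HTMLParser

_FONT_SIZE = re.compile(r"font-size\s*:\s*([^;!]+)", re.I)
_ZERO = re.compile(r"0(?:\.0+)?\s*(?:px|pt|em|rem|%)?", re.I)
VOID = {"br", "img", "hr", "meta", "link", "input", "area", "base", "col", "wbr"}

def _font_size_flag(style):
    """None if no inline font-size, True if it is zero, False for any other size."""
    m = _FONT_SIZE.search(style or "")
    return None if not m else _ZERO.fullmatch(m.group(1).strip()) is not None

class ZeroFontScanner(HTMLParser):
    """Split a mail body into rendered text and text hidden by font-size 0."""

    def __init__(self):
        super().__init__()
        self._stack = []  # one entry per open element: None / True / False
        self.preview, self.visible, self.hidden = [], [], []

    def handle_starttag(self, tag, attrs):
        if tag not in VOID:  # void elements never get an end tag
            self._stack.append(_font_size_flag(dict(attrs).get("style")))

    def handle_endtag(self, tag):
        if tag not in VOID and self._stack:
            self._stack.pop()

    def handle_data(self, data):
        text = " ".join(data.split())
        if not text:
            return
        self.preview.append(text)  # the message list shows every string
        # font-size inherits, so the nearest ancestor that sets it decides
        hidden = next((f for f in reversed(self._stack) if f is not None), False)
        (self.hidden if hidden else self.visible).append(text)

def scan_email_html(html):
    """Return list-pane preview, rendered body text, hidden text and a verdict."""
    p = ZeroFontScanner()
    p.feed(html)
    p.close()
    return {"preview": " ".join(p.preview), "visible": " ".join(p.visible),
            "hidden": " ".join(p.hidden), "suspicious": bool(p.hidden)}

# Constructed sample modelled on the lure described in the article
SAMPLE = ('<html><body><span style="font-size:0px">Scanned and secured by '
          'Example Advanced Threat Protection</span>'
          '<p>We have a new job opportunity for you; see the attached offer.</p>'
          '</body></html>')
```

Running `scan_email_html(SAMPLE)` returns the fake "scanned" banner under `hidden` and a `suspicious` verdict, while `preview` shows the banner the way the Outlook list pane would; text inside `<style>` or `<script>` blocks is not filtered out by this minimal scanner.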
That could result in recipients lowering their guard, clicking on links and downloading any attachments that come with the email. This particular email campaign offered recipients a new job opportunity, something we have seen Lazarus do in the past.
While Kopriva warned Outlook users in his writeup, this is not the only email client that displays content in an email list regardless of font size.
Via BleepingComputer