Hackers Use ZeroFont Phishing To Goal Microsoft Outlook Customers

In a current phishing marketing campaign, the researchers seen using the long-known ZeroFont phishing method to trick Microsoft Outlook customers. Customers want to stay vigilant when interacting with unsolicited emails, particularly checking if the e-mail preview and the precise e mail physique don’t match.

Newest ZeroFont Phishing Marketing campaign Targets Outlook Customers

In a current postJan Kopriva, an analyst from the Web Storm Middle (ISC) Sans has shared particulars a few new zerofont phishing marketing campaign.

Because the time period implies, ZeroFont phishing entails text-based phishing scams, normally involving emails, the place the attackers disguise some textual content characters by getting into them with zero font dimension. This makes the characters invisible to the reader, however the algorithms and NLPs can nonetheless learn them. Thus, such characters might facilitate the attackers in bypassing safety checks.

That’s what Kopriva discovered beneath assault in a current phishing marketing campaign. Whereas the publish consists of the main points in regards to the phishing assault, briefly, the phishing e mail raised suspicion when the researcher seen a special e mail preview from the message physique when viewing the e-mail by way of Microsoft Outlook.

Particularly, he discovered the e-mail preview displaying a phrase, “Scanned and secured by Isc®Advanced Threat protection (APT):  9/22/2023T6:42 AM” that nowhere existed inside the e mail physique. This phrase, showing proper beneath the e-mail topic “Email Opportunity…” added weightage to the e-mail’s security, tricking a consumer into believing that the e-mail handed antivirus detection.

Nevertheless, on condition that Microsoft Outlook by no means reveals such safety alerts with emails and that this phrase didn’t seem inside the e mail physique, the researcher noticed the phishing attempt. Then, studying the e-mail message additional confirmed his suspicion because it exhibited dangerous grammar and poor textual content development.

Though ZeroFont phishing isn’t a brand new method – it first surfaced on-line in 2018 when Avanan reported it intimately, Kopriva believes such exploitation of this system to trick customers is considerably new. Subsequently, customers, notably these counting on e mail previews, should stay vigilant whereas checking emails, particularly unsolicited ones, no matter whether or not they bypass or declare to have handed e mail safety measures.

Tell us your ideas within the feedback.

Author: Abeerah Hashim
Date: 2023-10-02 09:39:03

Source link



Related articles

Alina A, Toronto
Alina A, Torontohttp://alinaa-cybersecurity.com
Alina A, an UofT graduate & Google Certified Cyber Security analyst, currently based in Toronto, Canada. She is passionate for Research and to write about Cyber-security related issues, trends and concerns in an emerging digital world.


Please enter your comment!
Please enter your name here