Security researchers have been warning about a simple technique that cyber criminals and email scammers are using in the wild to bypass most AI-powered phishing detection mechanisms implemented by widely used email services and web security scanners.
Dubbed ZeroFont, the technique involves inserting hidden words with a font size of zero within the actual content of a phishing email, keeping its visual appearance same, but at the same time, making it non-malicious in the eyes of email security scanners.
According to cloud security company Avanan, Microsoft Office 365 also fails to detect such emails as malicious crafted using ZeroFont technique.
Like Microsoft Office 365, many emails and web security services use natural language processing and other artificial intelligence-based machine learning techniques to identify malicious or phishing emails faster.
The technology helps security companies to analyze, understand and derive meaning from unstructured text embedded in an email or web page by identifying text-based indicators, like email scams mimicking a popular company, phrases used to request for payments or password resets, and more.
However, by adding random zero font-size characters between the indicator texts present in a phishing email, cybercriminals can transform these indicators into an unstructured garbage text, hiding them from the natural language processing engine.