ZeroFont

Cyber-criminals are currently using a trick that allows them to bypass Microsoft's security filters and deliver spam and phishing emails to Office 365 email accounts.

Called ZeroFont, the technique is not new, being known for decades, and relies on interposing zero-width font characters inside normal text.

While a human reader will not see the zero-width characters, the entire text, including the hidden characters, will be visible to email security software.

The goal is to trick the email security system into thinking this is a giant block of rambling text, but show human recipients the "lure" of the phishing emails.

(Image: animated GIF demonstrating the ZeroFont technique)

<span style="FONT-SIZE: 0px">This is how you hide text with the ZeroFont technique</span>

The technique has been known and used for years, and most email security systems will usually mark emails as suspicious if they contain text with zero-width settings.

Office 365 cannot detect zero-width fonts

But according to Avanan, a company specialized in cloud security, Microsoft's Office 365 platform does not mark these emails as malicious.

Avanan says ZeroFont is effective mainly because of Microsoft's reliance on natural language processing to scan emails and determine whether a message's content contains text-based indicators often found in phishing or fraud emails, such as requests for payments, various keywords, and more.

By inserting large quantities of hidden zero-width text inside an email's body, crooks are hiding these indicators from the Office 365 natural language processing engine, effectively drowning their "lure" in a sea of random words, which are invisible to the human eye, but not to Microsoft's system.
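The defensive counterpart of the paragraph above is to run content checks on the text a reader would actually see rather than on the raw markup. The following Python script is an added example for this article, not code from Avanan, Microsoft, or any product mentioned here: it parses an HTML body with the standard library parser, sets aside every fragment styled with font-size 0, and runs a lure-phrase check on the rendered text. The sample email, the lure-phrase list, and the flagging rules are all constructed for the demonstration.

```python
"""Detect the ZeroFont trick by comparing the text a human sees with the
text a naive scanner reads. Added example; not a vendor's detection code."""
import re
from html.parser import HTMLParser

# Inline CSS that sets font-size to zero (0, 0px, 0.0em, 0% ...).
ZERO_SIZE_RE = re.compile(
    r"font-size\s*:\s*0+(?:\.0+)?\s*(?:px|pt|em|rem|%)?(?:\s*!important)?\s*(?:;|$)",
    re.IGNORECASE,
)

# Text inside these elements is never rendered, so it belongs in neither bucket.
NON_RENDERED_TAGS = {"script", "style", "head", "title"}

# Hypothetical lure phrases for the demo; a real filter uses a larger list or model.
LURE_PHRASES = ("verify your password", "account suspended", "confirm your payment")

# Constructed sample: filler words hidden inside the lure phrase itself, so the
# raw text reads "verquarterly reportify your passlorem ipsumword".
SAMPLE_EMAIL = (
    "<html><body><p>Your mailbox will be suspended. Please "
    '<a href="https://example.invalid/login">ver'
    '<span style="FONT-SIZE: 0px">quarterly report</span>ify your pass'
    '<span style="font-size: 0px;">lorem ipsum</span>word</a> today.'
    "</p></body></html>"
)


class ZeroFontParser(HTMLParser):
    """Splits document text into what a reader sees and what zero-size styling
    hides. Open elements are tracked on a stack so nested and mismatched tags
    do not confuse the bookkeeping."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.visible = []   # fragments a human would see, in order
        self.hidden = []    # fragments inside a font-size 0 element
        self.raw = []       # every fragment, as a naive scanner reads it
        self.stack = []     # (tag, hides_text, not_rendered) per open element
        self.zero_font_elements = 0

    def handle_starttag(self, tag, attrs):
        style = dict(attrs).get("style") or ""
        hides = bool(ZERO_SIZE_RE.search(style))
        if hides:
            self.zero_font_elements += 1
        self.stack.append((tag, hides, tag in NON_RENDERED_TAGS))

    def handle_endtag(self, tag):
        # Pop back to the nearest matching open tag; ignore stray closing tags.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

    def handle_data(self, data):
        self.raw.append(data)
        if any(skip for _, _, skip in self.stack):
            return
        if any(hides for _, hides, _ in self.stack):
            self.hidden.append(data)
        else:
            self.visible.append(data)


def analyze_email_html(html):
    """Return rendered text, hidden text, raw text and zero-font counters."""
    parser = ZeroFontParser()
    parser.feed(html)
    parser.close()
    # Visible fragments are joined with no separator: that is how the browser
    # joins them once a zero-size span is dropped from the middle of a word.
    visible = " ".join("".join(parser.visible).split())
    hidden = " ".join(" ".join(parser.hidden).split())
    raw = " ".join("".join(parser.raw).split())
    total = len(visible) + len(hidden)
    return {
        "visible_text": visible,
        "hidden_text": hidden,
        "raw_text": raw,
        "zero_font_elements": parser.zero_font_elements,
        "hidden_ratio": (len(hidden) / total) if total else 0.0,
    }


def lure_phrases_in(text):
    """Return the lure phrases present in the given text (case-insensitive)."""
    lowered = text.lower()
    return [phrase for phrase in LURE_PHRASES if phrase in lowered]


def classify(html):
    """Flag zero-size styling and lure phrases found in the rendered text."""
    report = analyze_email_html(html)
    flags = []
    if report["zero_font_elements"]:
        flags.append(f"{report['zero_font_elements']} element(s) styled with font-size 0")
    lures = lure_phrases_in(report["visible_text"])
    if lures:
        flags.append("lure phrase(s) in rendered text: " + ", ".join(lures))
    report["flags"] = flags
    report["suspicious"] = bool(flags)
    return report


if __name__ == "__main__":
    result = classify(SAMPLE_EMAIL)
    print("scanner sees:", result["raw_text"])
    print("reader sees :", result["visible_text"])
    print("hidden      :", result["hidden_text"])
    for flag in result["flags"]:
        print("flag:", flag)
```

Run on the constructed sample, the lure-phrase check finds nothing in the raw text and "verify your password" in the rendered text, and the email is flagged both for that phrase and for the two zero-size elements. The parser only understands inline `style` attributes; a production filter would also resolve stylesheet rules and other hiding techniques.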

Avanan says it detected the ZeroFont technique currently being used in the wild, alongside other tricks that involve Punycode, Unicode, or Hexadecimal Escape Characters.

Last month, Avanan researchers also discovered that Office 365 was not detecting links to phishing sites that were split into two parts using the <base> HTML tag.
