Microsoft’s phishing filter easily misled by hidden text in emails

Posted 20 June 2018 23:56 CET by Jan Willem Aldershoff

Security company Avanan reports that attackers have found a way to bypass Microsoft’s phishing filter. Cybercriminals insert words with a font size of zero into phishing mails; these words are invisible to the recipient but still help to mislead the Microsoft filter.

(Demonstration of fiddling with the font-size. Credits Avanan)

Microsoft utilizes natural language processing to determine whether email content is legitimate. When, for example, the email footer contains “© 2018 Apple Corporation. All rights reserved” but the email does not come from that domain, the email is flagged as fraudulent. Through natural language processing the context and intent of the text are interpreted and correlated with the sender.

By manipulating the font size, it’s possible to trick the filter into reading different words from those the actual recipient of the mail sees. That’s possible because Microsoft’s filter only reads the plain text content of the email, while users usually read the HTML version.
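The gap described above, between the text a scanner extracts and the text a person sees in a rendered HTML client, is also what a defender can measure. The following is an added example, not code from Avanan or Microsoft: it walks an HTML body with Python’s standard-library parser, keeps track of which text nodes sit under an inline `font-size: 0` style, and reports the two views side by side. The sample message and all function names are constructed for this illustration.

```python
"""Detect zero-font hidden text in an HTML email body (added example).

Two views of the body are produced: the text a naive scanner sees (every
text node in document order) and the text a human sees in a rendered client
(text nodes with no ancestor styled font-size: 0). Any text that appears in
the first view but not the second is flagged as hidden.
"""
import re
from html.parser import HTMLParser
from typing import List, Optional, Tuple

# Matches an inline declaration such as "font-size:0", "FONT-SIZE: 0px",
# "font-size: 0.0em !important", but not "font-size:0.5em".
ZERO_FONT = re.compile(
    r"font-size\s*:\s*0(?:\.0+)?\s*(?:px|pt|em|rem|%)?\s*(?:!important\s*)?(?:;|$)",
    re.IGNORECASE,
)

# Elements that never have a closing tag; they must not be pushed on the stack.
VOID_ELEMENTS = {"area", "base", "br", "col", "embed", "hr", "img", "input",
                 "link", "meta", "source", "track", "wbr"}


def style_hides_text(style: Optional[str]) -> bool:
    """True if an inline style attribute declares a zero font size."""
    return bool(style and ZERO_FONT.search(style))


class ZeroFontParser(HTMLParser):
    """Collects (text, is_hidden) pairs for every non-blank text node."""

    def __init__(self) -> None:
        super().__init__()  # convert_charrefs=True, so &copy; arrives as ©
        self.nodes: List[Tuple[str, bool]] = []
        self._stack: List[bool] = []  # one entry per open element

    def handle_starttag(self, tag, attrs):
        if tag in VOID_ELEMENTS:
            return
        self._stack.append(style_hides_text(dict(attrs).get("style")))

    def handle_endtag(self, tag):
        if tag not in VOID_ELEMENTS and self._stack:
            self._stack.pop()

    def handle_data(self, data):
        text = data.strip()
        if text:
            # Text is hidden if any enclosing element has a zero font size.
            self.nodes.append((text, any(self._stack)))


def analyze(html_body: str) -> dict:
    """Return scanner view, rendered view, hidden fragments and a verdict."""
    parser = ZeroFontParser()
    parser.feed(html_body)
    parser.close()
    hidden = [t for t, h in parser.nodes if h]
    return {
        "scanner_text": " ".join(t for t, _ in parser.nodes),
        "rendered_text": " ".join(t for t, h in parser.nodes if not h),
        "hidden_text": hidden,
        "suspicious": bool(hidden),
    }


# Constructed sample: visible lure text interleaved with zero-font filler.
SAMPLE_EMAIL = """<html><body>
<p>Your <span style="font-size:0">lorem ipsum</span>Apple ID has been
<span style="FONT-SIZE: 0px">dolor sit</span> locked. Sign in to restore access.</p>
<p style="font-size:0">random filler text to confuse the filter</p>
<p>&copy; 2018 Apple Corporation. All rights reserved</p>
</body></html>"""

if __name__ == "__main__":
    result = analyze(SAMPLE_EMAIL)
    print("scanner sees :", result["scanner_text"])
    print("reader sees  :", result["rendered_text"])
    print("hidden       :", result["hidden_text"])
    print("suspicious   :", result["suspicious"])
```

The check only covers inline `style` attributes, which is where the reported samples carry the zero size; a mail that sets the size through a `<style>` block or a class would need a CSS-aware pass, and a filter that wants to be robust should feed its language model the rendered view rather than the raw text node stream.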
