How Do Attackers Fool Microsoft Protection in Office 365?

Cybercriminals have been leveraging a technique that involves manipulating font sizes in an effort to increase the chances of their phishing emails bypassing the protections implemented by Microsoft in Office 365.

In recent attacks spotted by cloud security company Avanan, cybercriminals sent out phishing emails in which some of the content is set to be displayed with zero-size font by using <span style="FONT-SIZE:0px">.

The email looks normal to the user, as shown below:

But Microsoft’s systems will analyze the following text, which includes strings that are invisible to the user due to the “FONT-SIZE: 0px” attribute:

This technique is called ZeroFont. It is not new, having been known for decades, and it relies on interposing zero-width font characters inside normal text. However, Office 365 cannot detect this kind of phishing email because it relies on natural language processing, not vision, to scan emails and determine the result.

“Microsoft can not identify this as a spoofing email because it cannot see the word ‘Microsoft’ in the un-emulated version. Essentially, the ZeroFont attack makes it possible to display one message to the anti-phishing filters and another to the end user,” Avanan’s Yoav Nathaniel said in a blog post.
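The gap between the two views can be measured directly. The following is an added example, not code from the original article, Avanan or Microsoft: it parses an HTML body, separates the text a plain text extractor reads from the text a user sees, and flags the message when zero-size text makes them differ. The sample body and all function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser

FONT_SIZE = re.compile(r"font-size\s*:\s*([^;]+)", re.I)
VOID_TAGS = {"br", "img", "hr", "input", "meta", "link", "wbr", "area", "base", "col"}

def zero_font(style, inherited):
    """True if the style sets font-size to 0; inherit the parent's state if unset.
    Simplification: relative units (em, %) are not resolved against the parent."""
    m = FONT_SIZE.search(style)
    if not m:
        return inherited
    num = re.match(r"\s*(\d*\.?\d+)", m.group(1))
    return bool(num) and float(num.group(1)) == 0

class ZeroFontSplitter(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack, self.raw, self.visible = [], [], []  # stack holds (tag, hidden)
        self.hidden_chars = 0

    def handle_starttag(self, tag, attrs):
        if tag not in VOID_TAGS:  # void elements never get a closing tag
            parent = self.stack[-1][1] if self.stack else False
            style = dict(attrs).get("style") or ""
            self.stack.append((tag, zero_font(style, parent)))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag so unclosed children do not leak state.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

    def handle_data(self, data):
        self.raw.append(data)
        if self.stack and self.stack[-1][1]:
            self.hidden_chars += len(data)
        else:
            self.visible.append(data)

def analyze(html):
    p = ZeroFontSplitter()
    p.feed(html)
    p.close()
    norm = lambda parts: " ".join("".join(parts).split())
    raw, visible = norm(p.raw), norm(p.visible)
    return {"filter_view": raw, "user_view": visible, "hidden_chars": p.hidden_chars,
            "suspicious": p.hidden_chars > 0 and raw != visible}

# Constructed sample body, not taken from a real message.
SAMPLE = ('Mic<span style="FONT-SIZE: 0px">xq</span>rosoft acc'
          '<span style="font-size:0">zz</span>ount <span style="font-size:12px">team</span>')
```

Running content analysis on `user_view` rather than `filter_view`, and treating a non-zero `hidden_chars` as a signal in its own right, closes the mismatch the quote describes.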

So if you are using the Office 365 email system now, are you a bit worried about your email security?

No need to worry! Mr. Post will help you!

Using advanced computer vision technology, Mr. Post can see through the surface and easily find the hidden traps inside emails.

Mr. Post, The Ultimate Guard of Your Email! It is free to install now from Microsoft AppSource.

2018-08-02T03:31:10+00:00 | July 11th, 2018 | Insight