"Hackers Trick Outlook into Showing Fake AV Scans"

Threat actors are using an existing technique of zero-point font obfuscation in a novel way to trick Microsoft Outlook users into thinking antivirus scans have successfully vetted phishing emails. The technique could increase the likelihood of phishing emails bypassing security measures and convincing recipients to fall for scams. Jan Kopriva, an analyst at the SANS Internet Storm Center, discovered a phishing email that used text written in a font with zero-pixel size, an obfuscation technique first documented by researchers at Avanan in 2018 and dubbed ZeroFont Phishing. It is not new for attackers to embed text with zero font size in phishing emails to break up text written in a normal, visible manner, making it more difficult for automated email scanning systems to detect suspicious messages. However, the ZeroFont method observed by Kopriva had a different goal. This article continues to discuss the phishing obfuscation tactic being used by attackers. 
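A defender-side check for the zero-size font text described above, as an added example that is not from the original article or from the researchers it cites. It separates the text a recipient sees in the rendered body from text styled with a zero font size, so a filter or analyst can review each on its own. The sample HTML and the names `scan_html` and `ZeroFontScanner` are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Inline font-size of zero in any unit: "font-size:0", "font-size: 0px", "FONT-SIZE:0.0pt"
ZERO_FONT = re.compile(r"font-size\s*:\s*0*\.?0+\s*(px|pt|em|rem|%)?\s*(;|$|!)", re.I)
VOID_TAGS = {"br", "img", "hr", "meta", "input", "link", "wbr", "area", "base", "col"}


class ZeroFontScanner(HTMLParser):
    """Splits message text into what is rendered and what is zero-size."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack = []    # one flag per open element: is its text zero-size?
        self.visible = []
        self.hidden = []

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            return
        style = dict(attrs).get("style") or ""
        inherited = self.stack[-1] if self.stack else False
        # Simplification: children inherit the zero size; only inline styles are checked.
        self.stack.append(inherited or bool(ZERO_FONT.search(style)))

    def handle_endtag(self, tag):
        if tag not in VOID_TAGS and self.stack:
            self.stack.pop()

    def handle_data(self, data):
        target = self.hidden if self.stack and self.stack[-1] else self.visible
        target.append(data)


def scan_html(html):
    parser = ZeroFontScanner()
    parser.feed(html)
    parser.close()
    # Visible fragments are joined without separators so words split by hidden text are restored.
    visible = " ".join("".join(parser.visible).split())
    hidden = [frag.strip() for frag in parser.hidden if frag.strip()]
    return {"visible": visible, "hidden": hidden}


# Constructed sample: one hidden "scan" banner and one word broken up by hidden filler.
SAMPLE = (
    '<div><span style="font-size:0px">Scanned by Example AV</span>'
    '<p>Reset your pass<span style="FONT-SIZE: 0">xq</span>word today.</p></div>'
)

if __name__ == "__main__":
    print(scan_html(SAMPLE))
```

Any non-empty `hidden` list is worth flagging, and content scanning should run on the reassembled `visible` string rather than on the raw markup.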

Dark Reading reports "Hackers Trick Outlook into Showing Fake AV Scans"

Submitted by grigby1
