New phishing method bypasses MS Office protection!
Security researchers are warning about a new simple phishing method cybercriminals and other scammers have started using to bypass MS Office 365 Protection. The technique involves implementing hidden words and visually make it appear non-malicious for the email security scanners. This technique is called ZeroFont.
Many e-mail and web security services use artificial intelligence-based machine learning and natural language processing to identify phishing e-mails faster. This helps companies to analyze and understand any unstructured text in an e-mail that may be used to request payments, password resets etc.
However, the technique ZeroFont gives scammers a loophole. Security services cannot identify ZeroFont scam e-mails as cybercriminals transform indicators into unstructured garbage text that hides from the natural language processing.
The ZeroFont technique enables scammers to display one message to the anti-phishing filters and another to the end user. Apperently Microsfot can not idenfity this as a scam e-mail. Since, their services cannot detect the word "Microsoft" in the un-emulated version.