New phishing method bypasses MS Office protection!

Security researchers are warning about a new simple phishing method cybercriminals and other scammers have started using to bypass MS Office 365 Protection. The technique involves implementing hidden words and visually make it appear non-malicious for the email security scanners. This technique is called ZeroFont.

Many e-mail and web security services use artificial intelligence-based machine learning and natural language processing to identify phishing e-mails faster. This helps companies to analyze and understand any unstructured text in an e-mail that may be used to request payments, password resets etc. 

However, the technique ZeroFont gives scammers a loophole. Security services cannot identify ZeroFont scam e-mails as cybercriminals transform indicators into unstructured garbage text that hides from the natural language processing.

The ZeroFont technique enables scammers to display one message to the anti-phishing filters and another to the end user.  Apperently Microsfot can not idenfity this as a scam e-mail. Since, their services cannot detect the word "Microsoft" in the un-emulated version.