Hackers are using the dreaded “zero font” tactic in phishing emails, instilling a false sense of legitimacy in otherwise malicious threats, researchers are saying.
Just as the name suggests, zero font is a tactic in which hackers use the size 0 for a font, making certain text invisible to the human eye. At the same time software, and more importantly – antivirus and email protection software – can read it. Threat actors leverage this fact to confuse email security solutions and have otherwise malicious emails end up in the inbox, instead of the spam folder.
In this particular instance, however, it’s not just to confuse software, but to confuse the reader, as well. This is according to ISC Sans analyst Jan Kopriva, who’s seen a sample of a malicious email. When a victim receives a message in the Outlook client, there are three ways to read it – the list of emails, usually located to the left, the preview pane, usually seen to the right, and in a separate window, after double-clicking the message in the email list.
Scanned by a security tool?
By using zero font, hackers can type in text that will show up in the email list, but not in the email itself. In this instance, they used “Scanned and secured by Isc®Advanced Threat protection (APT),” trying to make the recipient think the email message was scanned by an endpoint security solution and was deemed clean.
That could result in the recipients lowering their guard and clicking on links and downloading any attachments coming with the email. This particular email campaign offered a new job opportunity to the recipients, something we’ve seen Project Lazarus do in the past.
While in his writeup, Kopriva warned Outlook users, this is not the only email client that displays content in an email list regardless of font size.