A phishing campaign is using invisible characters to evade security filters, according to Jan Kopriva at the SANS Internet Storm Center.
The emails use soft hyphens to break up the subject line “Your Password is About to Expire” so the messages aren’t flagged as malicious. The email client doesn’t render the hyphens, however, so the user sees a normal sentence.
“Although soft hyphens aren’t – strictly speaking – invisible, Outlook as well as most other e-mail clients don’t render them as visible text in most cases,” Kopriva writes. “The use of the soft hyphen character – combined with splitting the subject into multiple MIME encoded words – was clearly intended as an attempt at bypassing e-mail filtering mechanisms that are supposed to automatically detect potentially malicious messages.”
In addition to the subject line, the entire email body was littered with these invisible hyphens. While the user reads a normal message asking them to reset their password, automated security systems will see random letters separated by hyphens.
“[A]lthough the use of invisible characters in phishing e-mails in general (and of the use of the ‘shy’ character in particular) is quite common when it comes to making the contents of e-mail messages less readable to security solutions, it is quite unusual to see it also applied to the subject of a message,” Kopriva says.
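As an added example (not code from the SANS diary or this post), the following Python check does what a filter must do to see through this trick: join all MIME encoded words of the Subject into one string, strip Unicode format characters such as the soft hyphen, and only then match lure phrases. The sample subject, body and phrase list are constructed for illustration and are assumptions, not data from the campaign.

```python
import base64
import email.header
import re
import unicodedata

# Phrases a mail filter might key on in a credential-phishing lure (constructed list).
LURE_PHRASES = ["your password is about to expire", "reset your password"]

def build_split_subject(text, chunk_len=12):
    """Encode text as several adjacent RFC 2047 'B' encoded words (constructed sample)."""
    chunks = [text[i:i + chunk_len] for i in range(0, len(text), chunk_len)]
    return " ".join(
        "=?utf-8?B?" + base64.b64encode(c.encode("utf-8")).decode("ascii") + "?="
        for c in chunks
    )

def decode_subject(raw_header):
    """Decode every encoded word in a Subject header and join them into one string."""
    return str(email.header.make_header(email.header.decode_header(raw_header)))

def is_invisible(ch):
    """Unicode category Cf (format) covers the soft hyphen U+00AD, zero-width
    space/joiner/non-joiner, word joiner and the BOM: rendered as nothing by clients."""
    return unicodedata.category(ch) == "Cf"

def normalize(text):
    """Drop invisible characters, then fold case and whitespace so hidden splits vanish."""
    visible = "".join(ch for ch in text if not is_invisible(ch))
    return re.sub(r"\s+", " ", visible).strip().casefold()

def analyze(text):
    """Compare what a naive substring filter sees with what a normalizing filter sees."""
    norm = normalize(text)
    return {
        "hidden_chars": sum(1 for ch in text if is_invisible(ch)),
        "naive_matches": [p for p in LURE_PHRASES if p in text.casefold()],
        "normalized_matches": [p for p in LURE_PHRASES if p in norm],
        "normalized": norm,
    }

def scan_message(raw_subject, body):
    return {"subject": analyze(decode_subject(raw_subject)), "body": analyze(body)}

# Constructed sample: the lure text from the article with U+00AD inserted inside words.
SHY = "\u00ad"
SAMPLE_SUBJECT = f"Your Pass{SHY}word is Ab{SHY}out to Exp{SHY}ire"
RAW_SUBJECT = build_split_subject(SAMPLE_SUBJECT)
SAMPLE_BODY = f"Please re{SHY}set your pass{SHY}word with{SHY}in 24 hours."

if __name__ == "__main__":
    print(RAW_SUBJECT)
    for part, result in scan_message(RAW_SUBJECT, SAMPLE_BODY).items():
        print(part, result)
```

The naive match list comes back empty for both subject and body while the normalized one flags both, which is the gap the campaign relies on.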
If the user clicks the link in the email, they’ll be taken to a phony login page designed to steal their email account credentials.
Attackers are always looking for ways to bypass technical security measures in order to target humans directly. AI-powered security awareness training can give your organization an essential layer of defense against social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.
SANS Internet Storm Center has the story.
