• This devious phishing scam makes it look like dodgy emails are ac

    From TechnologyDaily@1337:1/100 to All on Thu Sep 28 17:45:04 2023
    This devious phishing scam makes it look like dodgy emails are actually safe

    Date:
    Thu, 28 Sep 2023 17:30:48 +0000

    Description:
    Hackers are using the zero-font tactic on phishing emails now, lulling
    victims into a false sense of security.

    FULL STORY ======================================================================

    Hackers are using the dreaded zero font tactic in phishing emails,
    instilling a false sense of legitimacy in otherwise malicious threats, researchers are saying.

    Just as the name suggests, zero font is a tactic in which hackers set the
    font size to 0, making certain text invisible to the human eye. Software,
    and more importantly antivirus and email protection software, can still read it. Threat actors leverage this fact to confuse email security solutions and have otherwise malicious emails end up in the inbox instead of the spam folder.

    In this particular instance, however, it's not just to confuse software, but
    to confuse the reader, as well. This is according to ISC Sans analyst Jan Kopriva, who's seen a sample of a malicious email. When a victim receives a message in the Outlook client, there are three ways to read it: in the list of emails, usually located to the left; in the preview pane, usually seen to the right; and in a separate window, after double-clicking the message in the email list.

    Scanned by a security tool?

    By using zero font, hackers can type in text that will show up in the email list, but not in the email itself. In this instance, they used "Scanned and secured by IscAdvanced Threat protection (APT)", trying to make the recipient think the email message was scanned by an endpoint security solution and was deemed clean.
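
    Detection logic for the zero-font trick described above, as an added example that is not part of the original story: it separates text a reader sees from text styled with font size 0. The sample body is constructed, the names ZeroFontFinder and find_zero_font_text are illustrative, and only inline style attributes are checked.

```python
import re
from html.parser import HTMLParser

# Any inline font-size declaration, and the subset that sets it to zero.
ANY_FONT = re.compile(r"(?:^|;)\s*font-size\s*:", re.I)
ZERO_FONT = re.compile(r"(?:^|;)\s*font-size\s*:\s*0+(?:\.0+)?(?![\d.])", re.I)
VOID = {"br", "img", "hr", "meta", "link", "input", "wbr", "col", "area", "base"}

class ZeroFontFinder(HTMLParser):
    """Split an HTML body into text rendered at size 0 and text a reader sees."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack = []      # (tag, is_zero_sized) for each open element
        self.hidden, self.visible = [], []

    def handle_starttag(self, tag, attrs):
        if tag in VOID:      # void elements never contain text
            return
        style = dict(attrs).get("style") or ""
        if ANY_FONT.search(style):   # explicit size overrides the parent
            zero = bool(ZERO_FONT.search(style))
        else:                        # otherwise inherit from the parent
            zero = bool(self.stack) and self.stack[-1][1]
        self.stack.append((tag, zero))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerate unclosed children.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

    def handle_data(self, data):
        text = data.strip()
        if text:
            zero = bool(self.stack) and self.stack[-1][1]
            (self.hidden if zero else self.visible).append(text)

def find_zero_font_text(html_body):
    finder = ZeroFontFinder()
    finder.feed(html_body)
    finder.close()
    return {"hidden": " ".join(finder.hidden), "visible": " ".join(finder.visible)}

# Constructed sample body modelled on the lure described in the story.
SAMPLE = ('<html><body><span style="font-size:0px">Scanned and secured by '
          'IscAdvanced Threat protection (APT)</span><p>Job Offer</p>'
          '<p style="font-size: 0.9em">Please review the details.</p></body></html>')

if __name__ == "__main__":
    print(find_zero_font_text(SAMPLE))
```

    A non-empty "hidden" value is a useful mail-filter signal, since it is the text a message list may show even though the opened message does not.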

    That could result in the recipients lowering their guard and clicking on
    links and downloading any attachments coming with the email. This particular email campaign offered a new job opportunity to the recipients, something
    we've seen Project Lazarus do in the past.

    While Kopriva's writeup warned Outlook users, this is not the only
    email client that displays content in an email list regardless of font size.

    Via BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/this-devious-phishing-scam-makes-it-look-like-dodgy-emails-are-actually-safe


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)