Phishing with Invisible Ink

By Dr. Guy Bunker

You might remember that, as a child, there was a revelation: invisible ink. Whether it was lemon juice or the more modern (and frankly less messy) pen with a UV light, there was suddenly something interesting in science lessons. Furthermore, you could write messages to your friends which no one else could see. What fun.

Stepping forward to today, there is now a new type of phishing which uses invisible ink, or as it’s also called, ‘zero font’, as a means to beat spam and phishing filters. Anti-spam and anti-phishing filters work in several different ways: they look for specific words or phrases, and there is also a statistical element. If there are 100,000 instances of the same message, it’s probably spam. When it comes to phishing, protection technology will look for words like ‘bank’, ‘account’, ‘change’ and ‘update’, and at where the email seems to have come from, e.g. is the address spoofed? Are there URLs which point to known cyber-crime sites? All this information comes together to create a score and therefore an action. However, in a bid to beat the protection which is deployed, new techniques are used, or old ones are resurrected with a new twist. Zero font is just one of those.

The idea is relatively simple… “what you see is not what you get.” Email messages are composed using HTML, and inserted in between the characters of the actual message are other characters, but with a font size of zero. To a filter analysing the message, the text is there, but when the message is displayed it isn’t, as it is in effect hidden. The cyber-criminals use this to break up words which would otherwise be caught by the filters. So, “account” could become “actually count”, with the “tually ” being in a zero-point font. This can also be used in URLs; in fact, in any text. Cyber-criminals can then change the ‘hidden’ words so that no two emails are the same.
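The gap between what a filter reads and what a reader sees can be measured directly. The following is an added example, not Clearswift's code: it rebuilds the rendered text of an HTML body by dropping zero-size runs and reports keywords that only exist in the rendered view. The names `VisibleText`, `analyse`, `KEYWORDS` and the sample message are constructed for illustration, and only inline `style` attributes are inspected.

```python
import re
from html.parser import HTMLParser

# font-size of 0, 0px, 0pt, 0.0em ... but not 0.5em or 10px
ZERO_FONT = re.compile(
    r"font-size\s*:\s*(?:0+(?:\.0+)?|\.0+)\s*(?:px|pt|em|rem|%)?\s*(?:;|!|$)", re.I)
VOID = {"br", "img", "hr", "input", "meta", "link", "wbr", "area", "col"}
KEYWORDS = ("account", "bank", "update")  # words the article says filters look for

# Constructed sample body using the article's "ac" + "tually " + "count" split.
SAMPLE = ('<p>Please update your ac<span style="font-size:0px">tually </span>count '
          'details at your b<span style="FONT-SIZE: 0">xq</span>ank.</p>')

class VisibleText(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack = []       # (tag, hidden) for each open element
        self.raw = []         # every text node: what a naive filter scans
        self.visible = []     # text nodes a mail client would render
        self.hidden_runs = 0  # number of text nodes inside zero-size elements

    def handle_starttag(self, tag, attrs):
        if tag in VOID:       # void elements never get an end tag
            return
        style = dict(attrs).get("style") or ""
        inherited = bool(self.stack) and self.stack[-1][1]
        # Simplification: descendants of a zero-size element count as hidden.
        self.stack.append((tag, inherited or bool(ZERO_FONT.search(style))))

    def handle_endtag(self, tag):
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:   # also closes unbalanced children
                del self.stack[i:]
                break

    def handle_data(self, data):
        self.raw.append(data)
        if self.stack and self.stack[-1][1]:
            self.hidden_runs += 1
        else:
            self.visible.append(data)

def analyse(html):
    p = VisibleText()
    p.feed(html)
    p.close()
    raw, visible = "".join(p.raw).lower(), "".join(p.visible)
    # Keywords the reader sees that do not appear in the raw text.
    masked = [k for k in KEYWORDS if k in visible.lower() and k not in raw]
    return {"visible": visible, "hidden_runs": p.hidden_runs, "masked": masked}
```

A non-empty `masked` list is a stronger signal than the mere presence of hidden runs, and keyword scoring should run on the `visible` text rather than the raw one.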

Of course, as new methods to beat the protection systems come out, so too do new methods to defeat the new methods.

At Clearswift, we are dedicated to protecting you against new threats, and suffice to say, we already protect our customers from Invisible Ink / Zero Font types of exploit.

Learn more about the Clearswift SECURE Email Gateway and its multitude of threat prevention and data loss prevention tools that provide a holistic solution for your organization to collaborate safely and securely via email.