Microsoft's phishing filter easily misled by hidden text in emails


#1

Originally published at: https://www.myce.com/news/microsofts-phishing-filter-easily-mislead-by-hidden-text-in-emails-84475/

Security company Avanan reports that attackers have found a way to bypass Microsoft’s phishing filter. Cybercriminals use hidden words with a font-size of zero in the phishing mails; this means they are invisible to the receiver, but help to mislead the Microsoft filter.


#2

Also why are you opening Nigeria bucks? Even if you get the email the user must click on the links or images to get infected.


#3

What happens if the sender also includes hidden text wrapped in an HTML-style comment?

So, for example, if the code says:
© 2018 Micro<!--123-->soft
Would that be able to fool Microsoft’s phishing filter?
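As an added example that is not part of the thread or of Avanan's report, here is one way a mail gateway or analyst could surface both constructs discussed above: text inside zero-font-size elements and HTML comments placed inside a word. The names `TextSplitter`, `analyse` and `SAMPLE` are hypothetical, the sample body is constructed, and only inline `style` attributes are inspected (stylesheets and CSS classes are out of scope).

```python
import re
from html.parser import HTMLParser

# Matches a zero font size in an inline style: "font-size:0", "font-size: 0px", ...
ZERO_SIZE = re.compile(r"font-size\s*:\s*0+(?:\.0+)?\s*(?:px|pt|em|rem|%)?\s*(?:;|!|$)", re.I)
VOID = {"br", "img", "hr", "input", "meta", "link"}  # elements with no end tag

class TextSplitter(HTMLParser):
    """Separate text a reader sees from text inside zero-font-size elements."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack = []    # one bool per open element: does it hide its content?
        self.visible, self.hidden = [], []

    def handle_starttag(self, tag, attrs):
        if tag not in VOID:
            style = dict(attrs).get("style") or ""
            self.stack.append(bool(ZERO_SIZE.search(style)))

    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()

    def handle_data(self, data):
        # Hidden if any enclosing element has a zero font size.
        (self.hidden if any(self.stack) else self.visible).append(data)

def analyse(html):
    parser = TextSplitter()
    parser.feed(html)
    parser.close()
    hidden = [s for s in parser.hidden if s.strip()]
    # Comments with a word character on both sides, i.e. splitting a word.
    inword = re.findall(r"(?<=\w)<!--(.*?)-->(?=\w)", html, re.S)
    return {"rendered": "".join(parser.visible), "hidden": hidden,
            "inword_comments": inword, "suspicious": bool(hidden or inword)}

# Constructed sample body, not taken from a real message.
SAMPLE = ('<p>© 2018 Micro<span style="font-size:0px">xyz</span>soft '
          'Corpo<!--123-->ration. <span style="font-size: 12px">Sign in</span></p>')

if __name__ == "__main__":
    print(analyse(SAMPLE))
```

The `rendered` string is what content rules should be matched against, since it is the text the recipient actually reads.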