Microsoft's phishing filter easily mislead by hidden text in emails

Originally published at: https://www.myce.com/news/microsofts-phishing-filter-easily-mislead-by-hidden-text-in-emails-84475/

Security company Avanan reports that attackers have found a way to bypass Microsoft’s phishing filter. Cybercriminals use hidden words with a font-size of zero in the phishing mails, this means they are invisible to the receiver, but help to mislead the Microsoft filter.

Also why are you opening Nigeria bucks. Even if you get the email the user must click on the links or images to get infected.

What happens if the sender also includes hidden text wrapped in a HTML-style comment?

So, for example, if the code says:
© 2018 Micro<!--123-->soft
Would that be able to fool Microsoft’s phishing filter?