Have you recently received an email that includes tiny font? A phishing campaign involving tiny font is making its way around the web. The One Font campaign, as it’s known, targets Microsoft 365 users. It relies on a variety of advanced obfuscation (e.g. “smoke screen”) techniques designed to fool natural language processing (NLP) filters.
In September of this year, researchers with Avanan, a Check Point company, spotted the first signs of this phishing campaign. The name of the campaign, One Font, derives from the fact that the scheme hides text in one point font within malicious messages.
Once malicious emails have made it past the NLP filters, the emails use typical phishing and engineering tactics. Attackers include a password expiration notice, which lures potential victims into clicking on malicious links. The links take users to fraudulent URLs, where a prompt advises individuals to type in their credentials. Then, criminals pinch credentials and deploy them in nefarious activities.
Cyber security researchers have shown how specific phishing emails combined a cadre of tactics –specifically, hidden links inserted into the <font> tag and then reduced in size- to dupe natural language filters. Users tend not to notice these types of obfuscation techniques. As a result, they can inadvertently put an organization in danger.
Researchers recommend that organisations opt for a multi-tiered security solution. Such a solution should combine advanced artificial intelligence and machine learning, and include static layers, like domain and sender reputation screens. Implementing a security architecture that focuses on multiple factors in identifying and blocking malicious emails can help mitigate attacks. In addition, corporate users are encouraged to confirm content validity with an IT department ahead of clicking on questionable messages.
If you need any advice please contact us here at Valkyrie; we have the expertise to help.
E: security@valkyrie.co.uk | T: +44 (0) 20 7499 9323