
Attackers use CSS to trick anti-phishing systems

Email and collaboration security firm Avanan has spotted an attack that uses several techniques to trick the natural language scanners in anti-phishing systems.

The attack uses a mixture of techniques to hide content from people while making it visible to machines.

The first obfuscation technique uses Cascading Style Sheet (CSS) information to hide links. CSS is invisible metadata that tells a browser how to display text and images.

The attackers also hide links inside the

These attacks lead to credential collection pages in a victim’s inbox, the company explained. The CSS hack creates “gibberish” for natural language filters while displaying a fully rendered email to victims, it explained.

Many anti-phishing scanners use natural language processing to detect signs of fraudulent emails. They might treat an email with suspicion if it wasn’t from Apple but included text like “© 2018 Apple Corporation. All rights reserved” in the body of the text, the company explained in another blog post.

Although users do not see the links embedded in these latest attacks, the links still deceive anti-phishing scanners. “This combination can disrupt the semantic analysis of the text, which leads many to treat it as a marketing email rather than a phishing email,” the company added.


This is the latest iteration in a series of techniques Avanan has seen phishing criminals use to bypass email scanners. These include setting the font size to zero and inserting hidden text which would break up text visible to victims. This is an old spammer attack that was originally used to bypass anti-spam software.
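To show why zero-size and hidden text defeats a scanner that reads the raw body, the following added example (not Avanan's code and not from the original article) separates the text a reader sees from the text a tag-stripping scanner sees. The names `HiddenTextSplitter` and `analyze` are hypothetical, the sample body is constructed, and only inline `style` attributes are checked, not rules in a `<style>` block.

```python
import re
from html.parser import HTMLParser

# Inline styles treated as "hidden from the reader" (assumed subset for this example).
HIDDEN_STYLE = re.compile(
    r"font-size\s*:\s*0(?:\.0+)?(?:px|pt|em|rem|%)?\s*(?:;|$)"
    r"|display\s*:\s*none|visibility\s*:\s*hidden",
    re.IGNORECASE,
)
VOID_TAGS = {"br", "img", "hr", "input", "meta", "link", "wbr"}  # never closed


class HiddenTextSplitter(HTMLParser):
    """Tags each text chunk of an HTML body as visible or hidden by inline CSS."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack = []   # one flag per open element: is it, or an ancestor, hidden?
        self.chunks = []  # (is_hidden, text) in document order

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            return
        style = dict(attrs).get("style") or ""
        inherited = bool(self.stack and self.stack[-1])
        self.stack.append(inherited or bool(HIDDEN_STYLE.search(style)))

    def handle_endtag(self, tag):
        if tag not in VOID_TAGS and self.stack:
            self.stack.pop()

    def handle_data(self, data):
        self.chunks.append((bool(self.stack and self.stack[-1]), data))


def analyze(html):
    """Return the scanner's raw text, the reader's visible text, and the hidden share."""
    parser = HiddenTextSplitter()
    parser.feed(html)
    parser.close()
    raw = "".join(text for _, text in parser.chunks)
    visible = "".join(text for hidden, text in parser.chunks if not hidden)
    return {"raw": raw, "visible": visible,
            "hidden_ratio": (len(raw) - len(visible)) / max(len(raw), 1)}


# Constructed sample body, not taken from a real message.
SAMPLE = ('<p>Your App<span style="font-size:0px">xqz</span>le ID pass'
          '<span style="font-size: 0">kjw</span>word has exp'
          '<span style="display:none">mmv</span>ired.</p>')
```

Running language analysis on `visible` rather than `raw`, and treating a non-trivial `hidden_ratio` as a signal in its own right, closes the gap between what the scanner reads and what the recipient reads.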

The company recommends that businesses use a layered approach to phishing protection, including domain and sender scan tools, to increase their chances of detecting malicious emails. Businesses should also train users to confirm with IT before changing a password, it concluded.

Avanan made headlines last month when it discovered phishing attackers posing as DocuSign communications.
