darkreading.com

Soft hyphens in email subject can fool email filters for a successful phishing attack From [https://www.darkreading.com/attacks-breaches/attackers-use-unicode-and-html-to-bypass-email-security-tools/d/d-id/1338739](https://www.darkreading.com/attacks-breaches/attackers-use-unicode-and-html-to-bypass-email-security-tools/d/d-id/1338739) >the attacker had written such phrases as "c-h-a-n-g-e- -y-o-u-r- -p-a-s-s-w-o-r-d-." To a user they appear as normal; to a scanner they may not raise any flags because its pattern-matching settings aren't configured to look for this type of content. > >"The fact that they render invisible is this weird quirk of Unicode," says Dave Baggett, founder and CEO at Inky. "Clearly, the attacker knows a lot about Unicode and is being quite smart in crafting this." He notes there were about 10 Unicode characters included in this email alone. > >This wasn't the only new technique seen in this Office 365 [phishing email](https://www.darkreading.com/endpoint/fight-phishing-with-intention/a/d-id/1338266), a type of malicious message Baggett describes as "rampant." When the attacker typed "Office 365," for example, they used the HTML <font> to make it look like logotype. This big red text in the upper left corner is common in Office 365 phishing, he says, and people often register the text as a logo.

Soft hyphens in email subject can fool email filters for a successful phishing attack From [https://www.darkreading.com/attacks-breaches/attackers-use-unicode-and-html-to-bypass-email-security-tools/d/d-id/1338739](https://www.darkreading.com/attacks-breaches/attackers-use-unicode-and-html-to-bypass-email-security-tools/d/d-id/1338739) >the attacker had written such phrases as "c-h-a-n-g-e- -y-o-u-r- -p-a-s-s-w-o-r-d-." To a user they appear as normal; to a scanner they may not raise any flags because its pattern-matching settings aren't configured to look for this type of content. > >"The fact that they render invisible is this weird quirk of Unicode," says Dave Baggett, founder and CEO at Inky. "Clearly, the attacker knows a lot about Unicode and is being quite smart in crafting this." He notes there were about 10 Unicode characters included in this email alone. > >This wasn't the only new technique seen in this Office 365 [phishing email](https://www.darkreading.com/endpoint/fight-phishing-with-intention/a/d-id/1338266), a type of malicious message Baggett describes as "rampant." When the attacker typed "Office 365," for example, they used the HTML <font> to make it look like logotype. This big red text in the upper left corner is common in Office 365 phishing, he says, and people often register the text as a logo.