ZeroFont Phishing Attack Bypasses Office 365 Security


A new and dangerous hacker tactic, the ZeroFont phishing attack, has been identified as responsible for infections caused by Office 365 manipulation. It relies on social engineering that manipulates users into interacting with attached documents containing zero-size fonts. The technique has proved successful and is being leveraged in an ongoing attack against targets worldwide.

ZeroFont Phishing Attack Leverages Office 365 against Users

The security researchers who revealed information on the ZeroFont phishing attack showed that the main delivery method is direct messages that have been able to fool several anti-SPAM filters. Recipients receive email messages that look like legitimate notifications from popular services. The hackers use text and graphics taken from those services and design the emails using the same methods. The phishing attack is considered unique because it uses an entirely new way of scamming people into interacting with the dangerous elements. According to the researchers, one of the key characteristics is the use of Office 365 as the cloud service. The hacker operators behind the campaign take the following steps:

  1. The criminals orchestrate the campaign against Office 365 email users. They may profile them using harvested information or work together with groups that have their personal information in order to create personalized messages.
  2. The messages are sent to Office 365 servers and bypass Microsoft’s algorithms by using a natural language processing bypass.
  3. The users receive messages in their Inbox that appear as standard security notifications.
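A defender can check for this gap between what the filter reads and what the recipient sees. The sketch below is an added example, not code from the researchers or from Microsoft; it assumes the zero-size text is set with an inline CSS `font-size` in an HTML body, and the sample message and the names `scan` and `ZeroFontScanner` are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Inline font-size of zero in any unit: "font-size:0", "FONT-SIZE: 0px", "font-size:0.0em;"
ZERO_FONT = re.compile(r"font-size\s*:\s*0+(?:\.0+)?[a-z%]*\s*(?:;|!|$)", re.I)
# Elements that never get a closing tag, so they are not tracked on the stack
VOID = {"br", "img", "hr", "input", "meta", "link", "wbr", "area", "base", "col"}

# Constructed sample body (not taken from a real message)
SAMPLE = ('<p>Micro<span style="font-size:0px">xq7</span>soft: your '
          'pass<span style="FONT-SIZE: 0">zz</span>word expires '
          '<span style="font-size:12px">today</span></p>')

class ZeroFontScanner(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack = []   # one bool per open element: rendered at zero size?
        self.chunks = []  # (is_hidden, text) in document order

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        style = dict(attrs).get("style") or ""
        if "font-size" in style.lower():
            zero = bool(ZERO_FONT.search(style))          # explicit size wins
        else:
            zero = bool(self.stack and self.stack[-1])    # otherwise inherit
        self.stack.append(zero)

    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()

    def handle_data(self, data):
        self.chunks.append((bool(self.stack and self.stack[-1]), data))

def scan(html_body):
    """Compare the text a recipient sees with the text a styling-blind parser reads."""
    parser = ZeroFontScanner()
    parser.feed(html_body)
    parser.close()
    hidden = sum(len(text) for is_hidden, text in parser.chunks if is_hidden)
    return {
        "visible": "".join(t for h, t in parser.chunks if not h),
        "as_parsed": "".join(t for _, t in parser.chunks),
        "hidden_chars": hidden,
        "suspicious": hidden > 0,
    }

if __name__ == "__main__":
    for key, value in scan(SAMPLE).items():
        print(f"{key}: {value!r}")
```

Only inline `style` attributes are inspected here; stylesheet rules and relative units inside a zero-size parent would need a full CSS cascade.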

The most concerning fact is that the hackers have discovered a way around Microsoft’s SPAM filters. This is done by emulating the design elements of real legitimate messages, such as watermarks, copyright notices, etc. The messages are constructed so that they can correlate with the sender and recipients, as well as (Read more...)

*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum authored by Martin Beltov. Read the original post at: