Search
Close this search box.

ZeroFont: How This Vulnerability Slips Past Google and Microsoft Filters

Share:

You may not realise it, but your email does a great job at filtering out scams for you. By using filters that search for certain markers, the vast majority of phishing emails get marked as spam and you never see them.

This filtering does a great job of protecting users, especially those who haven’t had much anti-phishing training. Someone can’t get tricked by a phishing email if they never receive it, can they?

Hackers aren’t fans of these pesky filters, and they are always trying to find new ways to get around them. After all, these filters are seriously limiting their ability to make money through scams.

There are a range of techniques that they use to try and beat the filters, but one that we’ve seen pop up more frequently this year is called ZeroFont. It’s an old technique, but it’s proven itself particularly adept at fooling Microsoft Office 365’s filters.

How Does ZeroFont Work?

Microsoft uses natural language processing as part of its defence against spam. It searches through emails for any signs of fraud or deception, analysing the context of the email body alongside the entity that sent it. It carefully scrutinises emails that ask for passwords to be reset, bank details to be entered, or other major changes, in order to verify whether an email is in fact legitimate.

If you receive an email that says Copyright Facebook Inc. at the bottom, but it hasn’t been sent through Facebook’s legitimate channels, the natural processing filter will think something dodgy is going on and mark the email as a scam, keeping it from entering the inbox.

These days, natural language processing is pretty effective, which has driven attackers to find creative ways of getting around it. With ZeroFont, they use an old trick to make Microsoft’s filters see something different to what the user will see. They take something like Copyright Facebook Inc., and throw in a bunch of letters set at size zero amongst them.

By doing this, Microsoft’s filters will read something like:

Copyjhdfkljhalds rightlkqwehFace kjaslk bookieuw rioy Incmwe.

You will see this:

Copyright Facebook Inc.

The above sentence might not raise any alarm bells for the filter, so it lets the email go through to the recipient’s inbox. When the recipient opens the email, they can’t see all of the size zero letters that the filter can, and instead they see Copyright Facebook Inc.

Attackers create entire emails using this technique, splitting up their phishing email with size zero text to trick the filters. By doing this, something as blatant as the following might be able to get through:

Hello friend,

I am a Nigerian Prince and I need your help. I have $10 million, but I am having difficulty getting it out of my country. If you will please help me by sending $5000 to account no. 9874317749, I will be able to get the money out of my country. For your help, I will happily reward you with $1 million for being such a good person.

With all of the size zero font, Microsoft’s filters will be reading something completely different. Even though they are well tuned to look for scams in normal text, when it is broken up with other characters, the job becomes much more challenging and phishing emails manage to slip past.

Protecting Your Business

Your filters are great at removing most phishing emails, but techniques such as ZeroFont can still be used to get some through. That’s why it’s important for all of your staff to have comprehensive cyber security training. This training can help your employees identify common attacks like phishing and show them the best practices to follow. Contact Gridware to make sure your employees know how to keep safe from phishing.

Contact

Sydney Offices
Level 12, Suite 6
189 Kent Street
Sydney NSW 2000
1300 211 235

Melbourne Offices
Level 13, 114 William Street
Melbourne, VIC 3000
1300 211 235

Perth Offices
Level 32, 152 St Georges Terrace
Perth WA 6000
1300 211 235

Company

Learn more about the team at the forefront of the Australian Cyber Security scene.

About Us →

Meet the Team →

Partnerships →

Learn more about the team at the forefront of the Australian Cyber Security scene.

Career Opportunities →

Internships →

Media appearances and contributions by Gridware and our staff.

See More →

Services

Services

Whether you need us to take care of security for you, respond to incidents, or provide consulting advice, we help you stay protected.

View all services →

Web App Pen. Test Calculator →

Network Pen. Test Calculator →

Governance & Audit

Legal and regulatory protection

Penetration Testing

Uncover system vulnerabilities

Remote Working & Phishing

Fortify your defenses

Cyber Security Strategy

Adaptation to evolving threats

Cloud & Infrastructure

Secure cloud computing solutions

Gridware 360

End-to-end security suite

Gridware Managed Services

Comprehensive & proactive security

Gridware CloudControl
360

Harness the benefits of cloud technology

Gridware Incident Response 24/7

Swift, expert-led incident resolution

Solutions
Resources

Resources

A collection of our published insights, whitepapers, customer success stories and more.

Customer success stories from real Gridware customers. Find out how we have helped others stay on top of their Cyber Security.

Read More →