Threat actors have leveraged the ZeroFont phishing attack technique, which initially involved the insertion of hidden characters or words in emails to evade security detection systems, to modify message previews as shown on Microsoft Outlook and other email clients, BleepingComputer reports.
Malicious phishing messages used in the new attack were found to have included a message indicating a scan by "Isc Advanced Threat protection" in the email listing pane but not in the preview or reading pane, which was achieved by attackers through the use of ZeroFont to conceal the fraudulent security scan message while evading Outlook security detection, a report from ISC Sans analyst Jan Kopriva showed.
With the legitimacy established by the malicious security scan message increasing the likelihood of opening and engaging with the phishing content, users have been urged to be more vigilant of such emails, which could also be used to target other email clients.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news