Cybercriminals have been utilizing a new technique known as “hidden text salting” to outsmart spam filters and avoid detection, leading to a noticeable increase in its usage during the latter part of 2024. This approach involves embedding non-visible elements within the source code of emails using HTML and CSS.
The purpose of these hidden elements is to confuse email parsers, spam filters, and detection engines that typically rely on keywords to identify malicious content. Attackers have devised various methods to implement hidden text salting, such as CSS manipulation to conceal harmful material, inserting invisible characters between letters of brand names or keywords, incorporating irrelevant comments within HTML attachments, and using Unicode Soft Hyphens to separate letters invisibly.
The effectiveness of these techniques has been demonstrated in brand impersonation and avoiding keyword-based filters, with phishing campaigns targeting prominent brands like Wells Fargo and Norton LifeLock successfully bypassing spam filters through hidden text salting.
Additionally, cybercriminals have also employed hidden text to throw off language detection systems. For example, emails aimed at English-speaking individuals were mistakenly classified as French by Microsoft’s Exchange Online Protection service due to embedded French text.
Hidden text salting plays a crucial role in tactics like HTML smuggling, where attackers insert irrelevant comments within base64-encoded characters in email attachments to hinder the accurate decoding of content by parsers. The increased use of hidden text salting has rendered traditional security measures insufficient, prompting experts to suggest employing advanced filtering techniques to combat this escalating threat.
These advanced filtering techniques include the development of more sophisticated filters capable of identifying suspicious CSS properties and unusual HTML structures, incorporating visual features of emails during the detection process, utilizing AI and machine learning algorithms to detect patterns and anomalies indicative of hidden text salting, and continuously updating security systems to recognize new variations of these techniques.
As cybercriminals constantly refine their evasion methods, organizations must adapt to the evolving threat landscape by implementing AI-powered solutions to provide comprehensive protection against hidden threats. The role of advanced email security technology becomes increasingly pivotal in safeguarding users from complex phishing threats associated with hidden text salting.
In light of the persistent threat posed by hidden text salting, organizations of all sizes must evolve their email security architecture to stay ahead and ensure effective protection against sophisticated cyber threats. By recognizing and addressing text and image-related risks, organizations can mitigate the risks associated with hidden text salting and other advanced cyberattack techniques.