Phishing attacks is something that is very present on the Internet. It is undoubtedly one of the most important threats and that we must take into account to avoid it. Hackers use techniques to steal passwords and credentials that they refine over time. Today we echo how they use invisible texts to carry out Phishing attacks without being detected. We are going to explain what it consists of.
Invisible text to strain Phishing
Phishing , as we know, is a type of attack that cybercriminals use to steal passwords. They usually include a malicious link that we receive via email, social media, or messaging applications. It basically consists in that we access that link and instead of going to a legitimate site we are entering a website controlled by the attackers. They can also attach a malicious file that the victim downloads.
Now, email providers have more and more functions to detect these attacks. This allows that malicious e-mail never reaches our mailbox. But of course, hackers also come up with new formulas to achieve their goals. It seems that one of the last is to include text invisible to the human, but readable for a machine.
This has been discovered by Inky Technologies . They have observed that there are Phishing emails that include hidden text visible to secure email gateways but totally invisible to the user. What they are looking for is simply to fool the security controls in charge of filtering messages based on text and sequences, but without drawing the attention of users.
According to them, it is a new technique with which scammers are exploiting the complexity of Unicode / HTML to embed invisible text in an email to confuse the security system. There is code in Unicode that is invisible, that has no visual representation.
Undetectable to the user
This makes it undetectable to the average user . The victim will not know that Unicode code is actually being hidden in that e-mail. He has no knowledge to be able to recognize that there is something beyond what he sees.
So how could we avoid this? How can you improve email security? That’s where Artificial Intelligence and Machine Learning come into play. These are two terms that are increasingly present in cybersecurity. The goal is to improve computer security in circumstances like the one we mentioned.
What they would do is compare and contrast two versions of email. One of them would have the built-in plain text version and the other would be the one visible to the user. In this way they could detect differences.
Ultimately, hackers are refining their techniques for carrying out phishing attacks. It is important that we always keep common sense present, that we do not make mistakes and in this way avoid being victims of identity theft. We leave you an article where we explain tips to detect Phishing attacks.