Cybercriminals use a technique called “hidden text salting” to bypass spam filters and evade detection. This method has seen a surge in usage during the second half of 2024. Hidden text salting involves embedding non-visible elements within the source code of emails using HTML and CSS.
These hidden elements confuse email parsers, spam filters, and detection engines that rely on keywords. Attackers use various methods to implement hidden text salting:
– CSS manipulation to conceal malicious content
– Invisible characters between letters of brand names or keywords
– Irrelevant comments between base64-encoded characters within HTML attachments
– Unicode Soft Hyphens to separate letters, which are invisible to users but recognized by Secure Email Gateways
These techniques have proven effective in brand impersonation and evading keyword-based filters. Phishing campaigns targeting brands like Wells Fargo and Norton LifeLock have successfully used hidden text salting to bypass spam filters.
Attackers have also used hidden text to confuse language detection systems.
Hidden elements deceive spam filters
In one instance, emails targeting English speakers were misclassified as French by Microsoft’s Exchange Online Protection service due to embedded French text.
Hidden text salting plays a significant role in tactics like HTML smuggling, where attackers insert irrelevant comments within base64-encoded characters in email attachments to prevent parsers from correctly decoding content. The increasing use of hidden text salting has made traditional security measures inadequate. Experts recommend several advanced filtering techniques to counteract this growing threat:
– Developing more sophisticated filters capable of identifying suspicious use of CSS properties and unusual HTML structures
– Incorporating visual characteristics of emails during the detection process
– Employing AI and machine learning algorithms to detect patterns and anomalies indicative of hidden text salting
– Continuously updating security systems to recognize new variations of hidden text-salting techniques
Organizations must adapt to the rapidly changing threats posed by cybercriminals continuously refining their evasion methods.
Implementing AI-powered solutions can provide comprehensive protection against hidden threats by recognizing text and image-related risks. As the threat of hidden text salting shows no signs of abatement, the role of advanced email security technology becomes increasingly crucial for organizations of all sizes. The architecture of email security must evolve to stay one step ahead, safeguarding users from increasingly complex phishing threats.
Photo by Brett Jordan
