New Blog Post | Trend-spotting email techniques: How modern phishing emails hide in plain sight

%3CLINGO-SUB%20id%3D%22lingo-sub-2662602%22%20slang%3D%22en-US%22%3ENew%20Blog%20Post%20%7C%20Trend-spotting%20email%20techniques%3A%20How%20modern%20phishing%20emails%20hide%20in%20plain%20sight%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2662602%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Fig3-Page-source-of-the-isolated-HTML.png%22%20style%3D%22width%3A%20936px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F304208i7455BAF43D3E606C%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22Fig3-Page-source-of-the-isolated-HTML.png%22%20alt%3D%22Fig3-Page-source-of-the-isolated-HTML.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F2021%2F08%2F18%2Ftrend-spotting-email-techniques-how-modern-phishing-emails-hide-in-plain-sight%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ETrend-spotting%20email%20techniques%3A%20How%20modern%20phishing%20emails%20hide%20in%20plain%20sight%20%7C%20Microsoft%20Security%20Blog%3C%2FA%3E%3C%2FP%3E%0A%3CP%20class%3D%22x-hidden-focus%22%3EWith%20the%20massive%20volume%20of%20emails%20sent%20each%20day%2C%20coupled%20with%20the%20many%20methods%20that%20attackers%20use%20to%20blend%20in%2C%20identifying%20the%20unusual%20and%20malicious%20is%20more%20challenging%20than%20ever.%20An%20obscure%20Unicode%20character%20in%20a%20few%20emails%20is%20innocuous%20enough%2C%20but%20when%20a%20pattern%20of%20emails%20containing%20this%20obscure%20character%20accompanied%20by%20other%20HTML%20quirks%2C%20strange%20links%2C%20and%20phishing%20pages%20or%20malware%20is%20observed%2C%20it%20becomes%20an%20emerging%20attacker%20trend%20to%20investigate.%20We%20closely%20monitor%20these%20kinds%20of%20trends%20to%20gain%20insight%20into%20how%20best%20to%20protect%20customers.%3C%2FP%3E%0A%3CP%20class%3D%22x-hidden-focus%22%3EThis%20blog%20shines%20a%20light%20on%20techniques%20that%20are%20prominently%20used%20in%20many%20recent%20email-based%20attacks.%20We%E2%80%99ve%20chosen%20to%20highlight%20these%20techniques%20based%20on%20their%20observed%20impact%20to%20organizations%2C%20their%20relevance%20to%20active%20email%20campaigns%2C%20and%20because%20they%20are%20intentionally%20designed%20to%20be%20difficult%20to%20detect.%20They%20hide%20text%20from%20users%2C%20masquerade%20as%20the%20logos%20of%20trusted%20companies%2C%20and%20evade%20detection%20by%20using%20common%20web%20practices%20that%20are%20usually%20benign%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2662602%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ECloud%20Security%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMicrosoft%20365%20Defender%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMicrosoft%20Defender%20for%20Office%20365%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Microsoft

Fig3-Page-source-of-the-isolated-HTML.png

Trend-spotting email techniques: How modern phishing emails hide in plain sight | Microsoft Security...

With the massive volume of emails sent each day, coupled with the many methods that attackers use to blend in, identifying the unusual and malicious is more challenging than ever. An obscure Unicode character in a few emails is innocuous enough, but when a pattern of emails containing this obscure character accompanied by other HTML quirks, strange links, and phishing pages or malware is observed, it becomes an emerging attacker trend to investigate. We closely monitor these kinds of trends to gain insight into how best to protect customers.

This blog shines a light on techniques that are prominently used in many recent email-based attacks. We’ve chosen to highlight these techniques based on their observed impact to organizations, their relevance to active email campaigns, and because they are intentionally designed to be difficult to detect. They hide text from users, masquerade as the logos of trusted companies, and evade detection by using common web practices that are usually benign

0 Replies