How Hackers Use Hidden Text in Emails to Bypass Security Filters


Cybersecurity experts are raising concerns over a new email tactic that bypasses traditional spam filters and poses a serious risk to email users. This method, known as “text salting” or “poisoning,” involves embedding invisible characters into email messages, making them appear normal to human readers while evading detection by security systems.

In a typical case, an email may appear to be from a reputable company like Wells Fargo, but the underlying code is altered. The visible text reads “WELLS FARGO,” but hidden characters within the email make the underlying text look something like “WEqcvuilLLS FAroyawdRGO.” These hidden characters, although not visible to recipients, confuse email parsers and can bypass spam filters and other security tools.

Cisco Talos, which has been tracking these emerging threats, reports a rise in the use of text salting since mid-2024. Hackers use this technique to achieve three main goals: avoid detection by keyword-based spam filters, confuse language detection systems, and prevent security tools from decoding and analyzing malicious attachments.

One common approach involves manipulating well-known brand names. Fraudsters alter the name “Wells Fargo” using HTML and CSS to hide characters between the letters. These hidden characters allow the email to look legitimate to the user while bypassing security filters that scan for brand names.

Another tactic targets language detection systems. According to Talos, inserting hidden French words into an English email, for example, can trick systems like Microsoft’s language detection module, allowing the spam to bypass security checks that rely on identifying the language of the content.

Lastly, hackers use this method to sneak past attachment filters. By adding irrelevant characters to HTML attachments, they make it difficult for security systems to properly decode the attachment, thereby increasing the likelihood of a successful attack.

To counter these sophisticated attacks, experts recommend advanced filtering systems powered by artificial intelligence. AI-driven tools can analyze CSS properties to identify concealed text. For individuals, a safer option is to view emails in plain text format, which eliminates many of the risks associated with HTML emails. This simple step can help protect against the growing threat of email-based scams.
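The CSS check described above can be sketched as a small filter-side scanner. This is an added example, not code from Cisco Talos or from the article: the list of concealing CSS properties, the zero-width characters, and the names `SaltScanner` and `scan` are assumptions, and the sample message is constructed from the article's "WELLS FARGO" illustration.

```python
import re
from html.parser import HTMLParser

# Assumed concealment styles and zero-width characters; the article names neither.
HIDING_CSS = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|opacity\s*:\s*0(?:\.0+)?\s*(?:;|$)"
    r"|(?<![\w-])(?:font-size|width|height)\s*:\s*0(?:px|pt|em|%)?\s*(?:;|$)", re.I)
ZERO_WIDTH = dict.fromkeys(map(ord, "\u200b\u200c\u200d\u2060\ufeff"))
VOID_TAGS = {"br", "img", "hr", "input", "meta", "link", "wbr"}

class SaltScanner(HTMLParser):
    """Splits text nodes into rendered and CSS-concealed runs."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack, self.visible, self.hidden = [], [], []

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:          # void elements never get an end tag
            return
        style = dict(attrs).get("style") or ""
        inherited = bool(self.stack and self.stack[-1])
        self.stack.append(inherited or bool(HIDING_CSS.search(style)))

    def handle_endtag(self, tag):
        if tag not in VOID_TAGS and self.stack:
            self.stack.pop()

    def handle_data(self, data):
        concealed = self.stack and self.stack[-1]
        (self.hidden if concealed else self.visible).append(data)

def scan(html, brands=("wells fargo",)):
    parser = SaltScanner()
    parser.feed(html)
    parser.close()
    naive = re.sub(r"<[^>]*>", "", html)                      # tag-stripping filter's view
    rendered = "".join(parser.visible).translate(ZERO_WIDTH)  # reader's view
    # A brand the reader sees but a keyword filter misses indicates salting.
    evaded = [b for b in brands
              if b in rendered.lower() and b not in naive.lower()]
    return {"naive": naive, "rendered": rendered, "evaded": evaded,
            "hidden": [h for h in parser.hidden if h.strip()]}

# Constructed sample modelled on the article's "WELLS FARGO" illustration.
SAMPLE = ('<p>Your WE<span style="display:none">qcvuil</span>LLS '
          'FA<span style="font-size:0px">royawd</span>RGO account needs review.</p>')

if __name__ == "__main__":
    print(scan(SAMPLE))
```

A non-empty `evaded` or `hidden` list is the signal to act on: keyword and language checks should run on `rendered`, not on the tag-stripped text.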