What Is a Zero-Font Tactic in Email Phishing Scams?


As email providers add better cybersecurity measures to stop malicious emails from reaching your inbox, malicious agents work just as hard to avoid such countermeasures. Such is the case of the zero-font tactic, which uses smart manipulation of the email’s font to get emails past the spam filters and into your inbox.

Let’s explore what the zero-font tactic is, what it achieves, and how you can stay safe.

What Is the Zero-Font Tactic in Phishing Emails?

The zero-font tactic is a trick some malicious agents use to heighten the chance that your email provider doesn’t flag the agent’s emails as spam. The agents achieve this by typing text into the email and setting the font size to 0.

When a font’s size is set to 0, it disappears from view. This means that people reading an email that uses the zero-font tactic won’t even notice the words are there.

However, the text is still “there” within the HTML code that makes up the email. Because your email provider uses the HTML code to display the email for you, the email service you’re using can “read” the zero-font text just fine despite it being invisible to you.

What’s the Point of Using Zero-Font Text in Emails?

It may seem odd that malicious agents are adding text to emails that you can’t even read. However, the text is meant to be “read” by the email software rather than by you.

There are two ways in which people can use zero-font text to trick you into clicking links in their emails: evading spam detection and faking antivirus scan results.

1. How Zero-Font Text Tricks Email Spam Detection

Have you ever wondered how your email provider knows which emails are legitimate and which are spam? There’s a lot of thought and technology that goes into the process, but one of the simpler methods is identifying text within the email and blocking it if it contains illicit or deceitful content.

Zero-font tactics can skirt these scans by adding “junk text” to the email, so the scan no longer finds the words it is looking for.

For example, let’s say a malicious agent wants to impersonate Microsoft but knows that if they start signing emails as if they were Microsoft, the scam detection systems will go off. To avoid this, they pepper sensitive words in the email with lots of random zero-font text. When the scammer claims to be from “Microsoft Corporation,” they break up the words “Microsoft” and “Corporation” with lots of junk text at a font size of 0.

As a result, when the email provider scans the email’s HTML, it doesn’t see the words “Microsoft Corporation” at all. Instead, it sees a jumble of letters that doesn’t spell anything important. Only when the email provider renders the email for the reader does the zero-font junk text vanish, showing the words “Microsoft Corporation” to the victim.

2. How Zero-Font Text Creates Faked Antivirus Scan Results

The other method uses zero-font text to add words to the email’s text preview. If you open up your email provider’s software or website, you’ll likely see that the emails in your inbox show three pieces of data: the sender, the topic, and then a preview of the start of the email, so you know what the email is about.

Because this preview is generated via the HTML code, hackers can add zero-font text to the start of the email, which will show up in the preview. However, when the victim clicks on the email, the text is nowhere to be seen.

For example, a scammer writes a fake result from an antivirus scan and adds it to the top of the email in zero-font text.

When the email arrives in the victim’s inbox, the email preview displays the fake scan result and gives the victim a false sense of security that the links within the email have been scanned and found to contain no viruses. When the victim then opens the email, the zero-font text vanishes from view, leaving only the scammer’s advertisement in its place.
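Both tricks leave the same trace in the HTML: text styled at font size 0. The Python sketch below is an added example, not code from the original article; it separates the text a reader sees from the text hidden at size 0 so a filter can scan the former and flag the latter. The sample message, the scanner name "ExampleAV" and the one-entry brand watchlist are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Inline font-size of exactly zero (0, 0px, 0.0pt ...); 10px or 0.5em do not match.
ZERO_FONT = re.compile(r"font-size\s*:\s*0+(?:\.0+)?\s*(?:px|pt|em|rem|%)?\s*(?:;|!|$)", re.I)
VOID = {"br", "img", "hr", "meta", "input", "link", "wbr", "area", "base", "col"}
# Constructed sample: a fake scan line for the preview, then a split-up brand name.
SAMPLE = (
    '<div><span style="font-size:0">Scanned by ExampleAV: no threats found.</span>'
    '<p>Mic<span style="font-size: 0px">qzx</span>rosoft Corpo'
    '<span style="FONT-SIZE:0pt">kkj</span>ration account notice</p></div>'
)

class ZeroFontSplitter(HTMLParser):
    """Sorts text nodes into visible vs. hidden-at-font-size-0 (inline styles only)."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack = []  # (tag, inside_zero_font) for each open element
        self.raw, self.visible, self.hidden = [], [], []

    def handle_starttag(self, tag, attrs):
        if tag in VOID:  # void elements never get an end tag
            return
        style = dict(attrs).get("style") or ""
        inherited = self.stack[-1][1] if self.stack else False
        # Simplification: a child that resets font-size is still treated as hidden.
        self.stack.append((tag, inherited or bool(ZERO_FONT.search(style))))

    def handle_endtag(self, tag):
        for i in range(len(self.stack) - 1, -1, -1):  # tolerate unclosed tags
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

    def handle_data(self, data):
        hidden = self.stack[-1][1] if self.stack else False
        self.raw.append(data)
        (self.hidden if hidden else self.visible).append(data)

def _norm(parts):
    return " ".join("".join(parts).split())

def analyze(html, watchlist=("microsoft corporation",)):
    """Return raw/visible/hidden text plus brands that appear only once rendered."""
    p = ZeroFontSplitter()
    p.feed(html)
    p.close()
    raw, visible, hidden = _norm(p.raw), _norm(p.visible), _norm(p.hidden)
    split_brands = [w for w in watchlist if w in visible.lower() and w not in raw.lower()]
    return {"raw": raw, "visible": visible, "hidden": hidden,
            "preview": raw[:60], "brand_only_when_rendered": split_brands}
```

A filter built this way would run its keyword checks on `visible` and treat any non-empty `hidden` text, or any entry in `brand_only_when_rendered`, as a signal worth scoring. Zero-size text applied through a `<style>` block or CSS class is outside what this sketch inspects.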

How to Avoid Zero-Font Attacks

Fortunately, while zero-font attacks may sound scary on paper, they’re merely ways to trick spam filters and readers. As such, the main way to avoid a zero-font attack is to practice good email cybersecurity habits when reading an email.

Always keep in mind the top signs of a phishing scam. Familiarize yourself with some examples of fraud and phishing emails, and remember that just because an email is in your inbox and claims it has been virus-scanned doesn’t mean it’s safe to click. If you keep these things in mind, you can spot a scam email in your inbox and avoid its wily ways.

Stay Safe From Zero-Font Tactics

While zero-font tactics are sneaky, the best way to avoid falling for them is the same as any scam email. Keep your eyes peeled, and don’t believe everything you see.

WAMS, Inc.
