07 JANUARY 2019
Latest Phishing Scam Is Hiding Behind Custom Fonts
Researchers have discovered yet
According to cyber security researchers at Proofpoint, the new phishing method, targeting a major US bank with hopes of obtaining credentials, uses a ‘never-before-seen’ technique that takes advantage of custom fonts to evade detection. Once the phishing link has been accessed, the victim is led to an official ‘looking’ login page for the US bank – but in actual fact, includes encoded display text (even after being copied and pasted into a word file) and is set-up to steal your data.
Code snippet from phishing landing page with encoded display text
“Threat actors continue to introduce new techniques to evade detection and hide their activities from unsuspecting victims, security vendors, and even from savvy organizations proactively searching for brand abuse. In this case, actors developed a phishing template that uses a custom web font to implement a substitution cypher, among other techniques, to render well-crafted phishing pages for credentials to a major US bank. While the substitution cypher itself is simple, the implementation via web font files appears to be unique, giving phishing actors yet another technique to hide their tracks and defraud consumers.”