Hackers exploit CSS to bypass email security filters
Cybercriminals are finding new ways to trick users and bypass email security. They are now using CSS, a language commonly used for web design, to track victims and lead them to phishing sites. Researchers from Cisco Talos have reported that hackers are misusing CSS in emails. This tool is typically used to format the appearance of emails. Although CSS is harmless on its own, it can be exploited by attackers to gather information about users. CSS allows attackers to hide content and monitor actions, such as whether a recipient opens or prints an email. This can help them target specific individuals more effectively. The report highlights that hidden text techniques and SVG files are also being used in these attacks. To combat this threat, experts recommend that IT teams employ advanced filtering methods. These methods should examine the design and structure of HTML emails, in addition to their content. They suggest looking for unusual use of CSS properties, such as those that make text invisible. Implementing AI tools for email protection is also advised.