Phishing Attack Hides Malicious Emails with Invisible Characters

Home/Cybersecurity, Internet Security, malicious cyber actors, phishing, Secuirty Update, Security Advisory, Security Update/Phishing Attack Hides Malicious Emails with Invisible Characters

Phishing Attack Hides Malicious Emails with Invisible Characters

Cybercriminals are using a new phishing technique that hides invisible characters in email subject lines to bypass automated security filters.

The attack uses MIME encoding and Unicode soft hyphens to make the subject appear normal to human readers while concealing malicious intent from email scanners.

This method targets email filters that rely on keyword detection and pattern matching, representing a more advanced social engineering tactic. Researchers noticed the campaign when subject lines looked garbled or incomplete in the inbox, but displayed normally once the email was opened.Invisible characters are strategically placed to break up keywords and avoid detection.

The campaign mainly aims to steal login credentials through fake webmail pages, sending subjects like “Your Password is about to Expire,” where the invisible characters hide the trigger words from security systems.

The phishing emails send recipients to fake websites designed to capture login details.

Analysts at the Internet Storm Center spotted this tactic while reviewing malicious messages, noting that invisible characters were being used in subject lines—an uncommon twist compared to the usual use in email bodies.

How it works:

Attackers use MIME encoded-word formatting (RFC 2047) to hide the characters. The subject line follows this pattern:

encoded-word = "=?charset?encoding?encoded-text?="

Here, the content is UTF-8 text encoded in Base64.

Captured examples show headers like:

Subject: =?UTF-8?B?WcKtb3XCrXIgUMKtYXPCrXN3wq1vwq1yZCBpwq =?UTF-8?B?dMKtbyBFwq14wq1wwq1pcsKtZQ==?=

Decoded MIME header shows a Base64 subject containing embedded soft hyphens (Internet Storm Center).

When decoded, soft hyphen characters (Unicode U+00AD) are inserted between letters, breaking up recognizable keywords to evade email filters.

Soft hyphens are invisible in most email clients (including Outlook), so they break keywords at the code level—making “password” unreadable to scanners while still appearing normal to users. Attackers also hide these characters inside message bodies to bypass content filters. The phishing links point to compromised legitimate sites that host fake webmail login pages to harvest credentials.

Post Views: 172
By | 2025-10-29T13:22:02+05:30 October 29th, 2025|Cybersecurity, Internet Security, malicious cyber actors, phishing, Secuirty Update, Security Advisory, Security Update|

About the Author:

FirstHackersNews- Identifies Security

Related Posts

Leave A Comment

Subscribe to our newsletter to receive security tips everday!