Attackers hide random text in phishing scams by setting font size to zero to confuse AI powered email defenses
Barracuda researchers have detected more than a million phishing attacks using an evasion tactic developed years ago to bypass traditional spam filters by diluting the impact of suspicious words. A new report details how the tactic, known as ‘text salting,’ involves inserting large volumes of unrelated, benign text into an email and then hiding it in a way that allows it to be scanned by security tools while remaining invisible to the email recipient – who sees only the intended phishing content.
The goal is to trick security tools into classifying the email as harmless by disrupting red flag phrases or watering down the concentration of scam-associated words such as “urgent,” “rewards”, “expires” etc.
In their analysis of the retail-themed scam, Barracuda researchers found text salting techniques that included reducing the visible viewing window by 100% or indenting the text So far to the right of the frame that it can’t be seen by the recipient.
Attackers also injected text directly into words or sentences with their font size set to zero, or fragmented HTML streams with non-standard terms to evade signature-based filters Looking for exact phrases. For instance, the HTML text could read “Your pass [random text with a zero-font size] word expired.” Scanners looking for the phrase “Your password expired” will fail to trigger.
The hidden content included random stories, generic conversation or project-style notes adding high counts of positive words such as puppy, training, notes, task, rhythm, and book, to reduce the impact of suspicious words. Meanwhile, the visible message features an urgent retail-themed lure, such as expiring rewards, points, or gift card offers.
Over the last year, Barracuda’s researchers have seen an escalation in the use of text salting to confuse not just language detection and keyword analysis, but also machine learning models and, increasingly, LLM-based security tools into misclassifying phishing or spam messages as legitimate and allowing them to be delivered to recipients.
What makes AI-powered email security systems vulnerable to these techniques
Hidden text can alter how a large language model (LLM) interprets an email. LLMs process all aspects of the email content equally – including the hidden text – and uses this to assess the email’s intent, sentiment, purpose and risk level. With large volumes of unrelated benign text, the model is more likely to misclassify the email as benign.
AI also makes it easier and faster for attackers to automatically create endless, normal-sounding paragraphs about random topics for free. Every single phishing email can completely different, making them impossible to track.
“Hidden text techniques are seeing a resurgence in the age of AI,” said Pranati Sethi, Senior Threat Analyst, Barracuda. “The techniques manipulate how both traditional and AI security tools interpret an email, while generative AI makes text-salting campaigns cheap, scalable and highly varied.”
Researchers recommend robust a layered approach to email security that doesn’t rely solely on keyword detection, but evaluate message structure, sender reputation, behavioural anomalies, authentication results, embedded links, HTML rendering techniques and the user-visible content. This should be underpinned by user education on the red flags for phishing emails such as unexpected offers or messages demanding immediate action.
