Cybercriminals Use CSS to Bypass Spam Filters and Spy on Email Users

Cybercriminals are now leveraging Cascading Style Sheets (CSS) to bypass spam filters and monitor email users’ actions, according to a new report from Cisco Talos. By exploiting CSS properties like text-indent and opacity, attackers can hide malicious content within emails, making it invisible to recipients but effective in evading detection engines. These tactics, often combined with HTML tricks, allow threat actors to redirect users to phishing pages or gather sensitive data.

The report highlights how CSS’s @media rule enables attackers to fingerprint users’ environments, tracking details like screen size, resolution, and even actions such as viewing or printing emails. “CSS provides a wide range of rules that help spammers fingerprint users, their email clients, and their systems,” said Omid Mirzaei, a Talos researcher. This abuse of CSS not only compromises privacy but also opens the door to sophisticated phishing campaigns.

According to a new report from Cisco Talos, cybercriminals are now leveraging Cascading Style Sheets (CSS) to bypass spam filters and monitor email users’ actionsTo combat these threats, cybersecurity experts recommend implementing advanced filtering mechanisms to detect hidden text and concealed content. Additionally, using email privacy proxies can help mitigate risks. As email threats grow more sophisticated, staying informed and adopting robust security measures is crucial for protecting sensitive information.
Source.