New Phishing Tactic Uses Fake Fonts to Evade Detection

Threat actors are obfuscating the source code of phishing websites through the use of custom fonts and a character substitution cipher, so that the encoded text in the source still appears as clear text when the page is displayed. These websites are fraudulent login pages for various accounts, meant to steal the credentials of victims who attempt to log in. Additionally, the actors use imagery in SVG (scalable vector graphics) format, which allows the images to be rendered through code and helps to further evade detection. According to Proofpoint, threat actors used this technique in a credential compromise campaign against a major US retail bank. The NJCCIC recommends reviewing the Proofpoint analysis and educating end users on phishing tactics and schemes, reminding them to avoid clicking on links in emails to visit websites requiring the input of account credentials and, instead, manually type the URL of the website into the address bar of their browser.
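For defenders triaging suspect pages, the following is an added example (not from the NJCCIC alert or the Proofpoint analysis) of a heuristic that flags a login form whose source text is unreadable while the page ships its own font. It assumes the font is embedded in the CSS as a `data:` URI; the word list, the 0.3 threshold and the sample pages are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Assumed vocabulary of words expected on a legitimate English login page.
COMMON = {"sign", "in", "log", "login", "to", "your", "account", "password",
          "username", "user", "online", "banking", "the", "and", "forgot",
          "email", "enter"}
# An @font-face rule whose source is embedded inline rather than fetched.
DATA_FONT = re.compile(r"@font-face\s*\{[^}]*url\(\s*['\"]?data:", re.I | re.S)

class _Text(HTMLParser):
    """Collects display text from the source and notes any password field."""
    def __init__(self):
        super().__init__()
        self.words, self.skip, self.has_password = [], 0, False
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip += 1
        if tag == "input" and (dict(attrs).get("type") or "").lower() == "password":
            self.has_password = True
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self.skip:
            self.skip -= 1
    def handle_data(self, data):
        if not self.skip:  # ignore script and style bodies
            self.words += re.findall(r"[a-z]+", data.lower())

def assess(html):
    """Flag pages that pair an inline font with unreadable login text."""
    p = _Text()
    p.feed(html)
    known = sum(w in COMMON for w in p.words)
    ratio = known / len(p.words) if p.words else 1.0
    embedded = bool(DATA_FONT.search(html))
    return {"embedded_font": embedded, "password_field": p.has_password,
            "readable_ratio": round(ratio, 2),
            "suspicious": embedded and p.has_password and ratio < 0.3}

# Constructed samples: the same form, once in clear text and once with
# substituted display text plus an inline font (font bytes are a placeholder).
FONT = "<style>@font-face{font-family:x;src:url(data:font/woff;base64,AAAA)}</style>"
FORM = "<form><label>{}</label><input type='password'></form>"
CLEAR = "<html><body>" + FORM.format("Sign in to your account") + "</body></html>"
ENCODED = ("<html><head>" + FONT + "</head><body>"
           + FORM.format("Xqwz qz nb pbdk vffbdzn") + "</body></html>")

if __name__ == "__main__":
    print(assess(CLEAR))
    print(assess(ENCODED))
```

A hit is a triage signal rather than a verdict: non-English pages and sites that legitimately inline icon fonts will also score low on readability or match the font rule.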
