2 min read

Old text-salting tricks are fooling AI email filters

Barracuda says attackers have sent more than 1 million retail-themed phishing emails since April using text salting to confuse AI-driven filters.

Image: The Register

Decades-old text salting tricks are still slipping past some modern email defenses, and Barracuda says the problem now extends to machine-learning and LLM-based email filters.

The security firm said on Thursday that it had detected more than one million retail-themed phishing attacks using text salting since April. The technique is familiar from earlier generations of secure email gateways: attackers pack messages with random, harmless-looking words so automated systems misread the email as benign.

Barracuda says attackers usually hide that filler text from human recipients while leaving it available to scanners. According to the company, the most common methods are:

  • CSS cropping, which shrinks the visible area so users do not see the hidden text
  • Text manipulation that pushes the salted copy outside the visible screen
  • Zero font techniques that insert misleading words between phishing content in ways machines can read but humans cannot

The result is an email that appears normal to the target but looks less malicious to an automated filter. Barracuda said modern email security tools have generally adapted by stripping hidden text, comparing visible and hidden content, and flagging messages packed with concealed material. But it argues that AI-based systems have not consistently caught up.

“Text salting and related techniques can be used to confuse AI-driven content analysis engines by flooding the email with random terms that encourage the AI system into making an incorrect classification decision.”

Barracuda

Barracuda said LLMs typically process an email’s text and source code as-is, without understanding whether content is actually visible to a user. While those models can be trained to make that distinction, the company suggests many tools are not doing so by default.

Recommended reading

Zoom patches Windows flaw rated 9.8 for account takeover

Its recommendation to enterprises is a layered email security approach rather than relying on keyword detection alone, including checks on sender reputation, authentication results, embedded URLs, HTML-rendering techniques, and differences between visible and hidden content.

Sophia Reynolds

Security Editor

Sophia unpacks the invisible wars happening on our networks. Covering cybersecurity, privacy legislation, and cryptography, she exposes how our data is weaponized and defended. Before joining for(geeks), she spent years as a penetration tester. She's the reason the rest of the team uses physical security keys.

via The Register

// Keep reading