Cisco Talos reports on hidden text salting in emails—using CSS to conceal irrelevant content for evasion of spam detection. The technique recently highlighted shows frequent use in spam versus legitimate messages. Four key areas where salt is inserted include the preheader, header, attachments, and body of emails. Common methods involve manipulating CSS properties like font size, visibility, and display, complicating detection efforts. Hidden text salting undermines email security solutions and requires enhanced filtering and detection strategies to mitigate risks effectively.
Too Salty to Handle: Exposing Cases of CSS Abuse for Hidden Text Salting

