A newly emerging email-based threat making rounds on the web is the Email Salting Attack. This sophisticated cyber exploit leverages hidden text to bypass spam filters and security measures. According to a recent report by Cisco Talos, hidden text salting has become a growing concern, enabling phishing campaigns to impersonate brands like Wells Fargo and Norton LifeLock while evading detection mechanisms.
Key Takeaways
- Email Salting attacks are email threats where cybercriminals insert hidden text within emails to bypass spam filters.
- Threat actors can deploy several techniques to facilitate these attacks, including Hidden Text Salting, Bayesian Poisoning, Email Header Salting, etc.
- Email Salting can assist in the evasion of detection and delivery of phishing emails, ransomware, business email compromise, and social engineering attacks.
- Advanced filtering and visual content analysis technologies may be able to mitigate these attacks in the future.
- For the time being it’s important to enhance overall email security by deploying email authentication protocols like DMARC.
What is an Email Salting Attack?
In an Email Salting Attack, threat actors insert hidden text within an email in an attempt to bypass spam filters and email security mechanisms. However, salting is not always malicious. Traditional salting randomizes passwords and is an effective way to enhance password security. Email salting attack techniques differentiate themselves from safe salting methods by manipulating email content in deceptive ways.
Attackers use Email Salting techniques to:
- Evade spam detection by inserting invisible characters.
- Disrupt email analysis tools that rely on word patterns.
- Increase the likelihood of delivery into inboxes rather than spam folders.
Techniques Employed in Email Salting
1. Hidden Text Salting
In this technique, attacks insert hidden or obfuscated text into emails. These invisible messages can be:
- Hidden Unicode characters (zero-width characters) that can be inserted within words to bypass keyword-based filters.
- CSS properties can be easily manipulated to hide malicious texts. These include superficially harmless commands like display:none or font-size:0.
- White text written on a white background is undecipherable and appears invisible to the naked human eye. This is an easy way to hide malicious code or text.
2. Bayesian Poisoning
In this Email Salting attack technique, attackers insert random or benign words into malicious emails to bypass Bayesian spam filters. Bayesian filters rely on Bayesian probability to differentiate between email spam and genuine messages. Attacks aim to manipulate and bypass these filters by adding random, or often well-thought words that do not get flagged as spammy or appear malicious. This enables the Bayesian filters to trust that the email content is safe, letting it pass through.
3. Email Header Salting
Attackers can insert redundant or misleading information in email’s Reply-to or Return-path fields to modify email headers. This can result in malicious emails evading detection, and making emails appear more legitimate.
4. Unicode Homoglyph Attacks
Attackers can easily replace email content with characters that may appear similar to the naked eye, but not the same! This can include replacing “m” with “rn” which can sometimes work in evading spam detection filters while appearing more genuine.
Recent Email Salting Incidents and Trends
The latter half of 2024, and the beginning of 2025 marked a steep surge in Email Salting attack incidents. Most recently, Cisco Talos discovered a surge in phishing campaigns that used hidden text salting techniques to bypass security filters. This led to the impersonation of well-known brands and tricked victims into disclosing sensitive information.
Cisco Talos researchers have uncovered a sneaky trick cybercriminals are using to bypass email security. They’re manipulating HTML and CSS in emails—setting element widths to zero and using “display: hidden” to conceal parts of the message. They also insert invisible characters like zero-width spaces (ZWSP) to hide the real content. This confuses spam filters and security tools, allowing phishing emails that should go to the spam folder to slip into inboxes instead.
Implications for Email Security
Email Salting attacks pose a significant risk to email security and domain reputation. They can have several damaging effects including:
1. Phishing: Email Salting can facilitate phishing attacks, increasing the success rate of malicious emails reaching victims’ inboxes.
2. Ransomware: By allowing fraudulent messages to slip through, Email Salting attacks can lead to the spread of ransomware!
3. Social engineering: Email Salting can also facilitate social engineering tactics, making employees more vulnerable to fraud.
Email Salting Attack Mitigation Strategies
1. Advanced Filtering
Developing more advanced filtering mechanisms can prove to be a game-changer when it comes to email salting exploits. These would be capable of detecting hidden texts and unusual HTML structures. Security teams need to come up with more sophisticated mechanisms for text parsing that can help mitigate salting attacks.
2. AI and Machine Learning
With advancements in AI, the future looks hopeful when it comes to mitigating email salting threats. AI-driven tools can possibly help identify email salting attack trends. PowerDMARC’s Predictive Threat Intelligence analysis is one such feature that helps monitor and predict various types of email threat patterns.
3. Visual Content Analysis
Email security tools can hugely benefit from incorporating visual content analysis to detect concealed messages within emails. As cybercriminals insert hidden texts to facilitate email salting attacks – visual analysis can be a great way to detect these invisible anomalies.
Summing Up
It’s important to note that email salting attacks are simply a newly discovered email threat, with many more on the rise! Securing your email as a whole is a good starting point to increase security. By future-proofing your domain names you can protect your brand from the next big data breach or cyber exploit.
So get started today. Implement DMARC, SPF, and DKIM on your domain to safeguard your emails against impersonation. These authentication protocols are a great stepping stone to enhance your domain security and prevent a wide range of email-based cyber attacks. Sign up to take a free DMARC trial now!
- Email Salting Attacks: How Hidden Text Bypasses Security - February 26, 2025
- SPF flattening: What is it and why do you need it? - February 26, 2025
- DMARC vs DKIM: Key Differences & How They Work Together - February 16, 2025