Recent findings from Cisco Talos reveal a growing trend of malicious actors utilizing Cascading Style Sheets (CSS) to bypass email spam filters and compromise user privacy. By embedding hidden CSS properties, attackers can track user interactions even in environments that limit dynamic content. This exploitation unfolds through techniques that involve concealing content in emails, potentially redirecting victims to phishing sites. Furthermore, the ability to fingerprint users based on email client characteristics exemplifies the evolving tactics in cyber threats.
The features available in CSS allow attackers and spammers to track users' actions and preferences, even though several features related to dynamic content are restricted in email clients.
These campaigns aim to redirect email recipients to phishing pages using CSS properties like text_indent and opacity to conceal irrelevant content.
This abuse can range from identifying recipients' font and color scheme preferences and client language to even tracking their actions, such as viewing or printing emails.
CSS provides a wide range of rules and properties that can help spammers and threat actors fingerprint users, their webmail, or email clients.
Collection
[
|
...
]