I’m simultaneously amused and puzzled when I receive a phishing email, purporting to be from someplace average people expect emails from – the Postal Service, a bank, etc. – but then has odd fonts, weird use of bolding, etc.
I know reliably to not even open the email (never mind any attachments) as soon as I see these in the preview. So why do it?
I know some spammers use non-standard fonts and characters to get around spam filters looking for references to Viagra and the like. But if you’re pretending to be an institution like Bank of America or USPS, funky bolding and odd font changes make it clear the writer isn’t an institution but should be in one.
I don’t know if it’s true or not, but I asked a similar question years ago and someone mentioned that they do that knowing that most people will automatically delete the email. But the ones who open, read and respond to an email that looks like that are much more likely to be duped out of their money. IOW, it filters out the people that aren’t going to fall for their scam.
My dad damn near wrecked his computer on that one. I happened to look over at his screen and told myself ‘nah, he wouldn’t click on that’ and kept walking. A few minutes later he’s got some ransomware on his system. When I asked him what he did, he said he got an email from the post office. Now, he’s not some elderly old man. He’s plenty smart, not elderly, running a successful business etc but it took a lot of convincing for me to get him to understand that the post office doesn’t email you when they have a package…they deliver it. The post office doesn’t even have your email address.
Actually, the USPS have a service called Informed Delivery. You do have to sign up for it but you get an emailed daily report of expected deliveries for that day.
A new phishing campaign that uses a custom font to hide its tracks and evade detection has been uncovered.
Security house Proofpoint reports this week that miscreants hoping to steal login credentials from customers of “a major retail bank” were able to hide their phishing emails from automatic detection tools by seemingly scrambling their messages into gibberish. Once rendered in an email client, the messages appear as coherent text, thanks to a custom font unscrambling the letters.
Proofpoint said the phishing campaign has been in operation since at least May 2018, and is still active.
Here’s how it works: the page loads a custom font that would, for example, draw the “A” as “E”, “B” as “H”, and so on. This creates a primitive substitution cipher fooling security tools looking for certain keywords, as the software would only observe a set of random letters, but the user would see readable text. Of course, this requires victims’ email clients to be configured to download and render custom fonts.
When I used the Postal Service website to change my mailing address, it automatically enrolled me in Informed Delivery. It may have been a checkbox option of some sort, but I didn’t specifically sign up for it and was surprised when I started getting pictures of my mail via email.
Yeah, I have that* but this was before informed delivery and even with informed delivery it’s, for the most part, a similar email at about the same time every day. In his case, it was just a random ‘you have a package at the post office. Here, click on this link!’
* I love having informed delivery. Not that the 30 feet to my mailbox is all that big of a deal, but it’s nice to know that I don’t have mail or that it’s just junk mail today and I can safely ignore it until some other time.
This Informed Delivery sounds like it could be most useful if one receives one’s mail at a PO box, so you only need to hie yourself to the Post Office when you know there’s something there for you.
Does this work only for First Class Mail? ISTM I saw some blurb somewhere about this applying when you get a package. But I may be mixing that up with some other service.
In some cases, the change of fonts, style etc, especially where it happens mid-word, is done to confound spam filters - not all of them render down to plain text - anything that’s working on the raw message will tend to see banana as two separate words.
Also, some of what looks like weird fonts may actually be non-Roman alphabets - for example there are Cyrillic letters that look very similar, but are completely different characters - for example:
This is not a lower case B, but is something called a ‘soft sign’ (modifies the sound of the preceding consonant): ь
This is not a lower case letter P, but a rolled R: р
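As an added example (not part of the original thread), the Python below shows the two filter-side checks the post above points at: matching keywords on the text as displayed rather than on the raw markup, and flagging words that mix Latin letters with look-alike letters from another script. The sample message, the tag list and all function names are constructed for illustration.

```python
import re
import unicodedata
from html.parser import HTMLParser

# Tags that start a new line when displayed; inline tags such as <b> do not.
BLOCK_TAGS = {"p", "br", "div", "td", "tr", "li", "h1", "h2", "h3"}

class _TextExtractor(HTMLParser):
    """Collects text roughly as a mail client displays it."""
    def __init__(self):
        super().__init__()
        self.parts = []
    def handle_starttag(self, tag, attrs):
        if tag in BLOCK_TAGS:
            self.parts.append(" ")
    def handle_endtag(self, tag):
        if tag in BLOCK_TAGS:
            self.parts.append(" ")
    def handle_data(self, data):
        self.parts.append(data)

def visible_text(html):
    """Drop markup so a word split by mid-word styling is joined again."""
    parser = _TextExtractor()
    parser.feed(html)
    parser.close()
    return " ".join("".join(parser.parts).split())

def scripts_in(word):
    """Scripts of the letters in word, read from their Unicode names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in word if ch.isalpha()}

def mixed_script_words(text):
    """Words whose letters come from more than one script."""
    return [w for w in re.findall(r"\w+", text) if len(scripts_in(w)) > 1]

def keyword_hits(text, keywords):
    """Naive case-insensitive substring match, as a simple filter might do."""
    low = text.lower()
    return [k for k in keywords if k in low]

# Constructed sample: bold changes mid-word, plus Cyrillic es (U+0441)
# and er (U+0440) standing in for Latin "c" and "p".
SAMPLE = ("<p>Your <b>pack</b>age is waiting. Confirm your "
          "a\u0441\u0441ount at the \u0440ost office.</p>")

if __name__ == "__main__":
    shown = visible_text(SAMPLE)
    print(keyword_hits(SAMPLE, ["package"]), keyword_hits(shown, ["package"]))
    print(mixed_script_words(shown))
```

A word written entirely in one script is not flagged, so ordinary Cyrillic text does not trigger the check; only the mixture inside a single word does.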