AIToday

Old email tricks fool AI spam filters, Barracuda warns

Hacker News9h ago
Old email tricks fool AI spam filters, Barracuda warns

Key takeaway

Attackers are using text salting—a decades-old technique that embeds hidden, harmless-looking words in emails—to fool AI-powered email filters while keeping messages readable to humans. Barracuda detected more than one million such phishing attacks since April and found that LLM-based security tools, unlike traditional filters, typically lack the ability to distinguish between visible and hidden text, making them vulnerable to the same tricks that older email gateways learned to block long ago.

Summaries like this, in your inbox every morning.

Sign up free →

3 Key Points

  • What happened

    Cybersecurity firm Barracuda detected more than one million retail-themed phishing attacks using "text salting" since April. The technique hides random harmless words in emails via CSS cropping, text manipulation, or zero-font techniques to confuse AI-powered email filters while remaining invisible to human readers.

  • Why it matters

    LLM-based and machine-learning email security tools process text without understanding whether it is visible or hidden to users, making them vulnerable to decades-old tricks that traditional secure email gateways have largely adapted to. Enterprises relying on AI alone for email security may be exposing employees to phishing attacks that pass through their filters.

  • What to watch

    Barracuda recommends a layered approach to email security that checks sender reputation, authentication results, embedded URLs, HTML-rendering techniques, and differences between user-visible and hidden content rather than relying solely on keyword detection.

In Depth

Barracuda, an email security company, issued a report on Thursday detailing how text salting—a venerable email evasion technique—continues to fool modern AI-powered email filters. Since April, Barracuda has detected more than one million retail-themed phishing attacks leveraging this method. Text salting works by embedding random, benign-sounding words throughout a malicious email to confuse automated scanning systems into misclassifying the message as legitimate. To prevent human readers from becoming suspicious, attackers employ three primary concealment methods: CSS cropping shrinks the visible window so hidden text remains off-screen; text manipulation shifts filler content beyond the visible area; and zero-font techniques insert misleading words in invisible font between visible phishing content. The result is an email that appears harmless and filled with gibberish to a machine but reads exactly as the attacker intended when opened by a person. Traditional secure email gateways have developed robust defenses against these tricks over the years, incorporating hidden-text removal and alerting mechanisms. LLM-based and machine-learning email security tools, however, have not kept pace. According to Barracuda, these systems are typically designed to process email text straightforwardly without understanding whether content is visible or hidden to the user. While they could theoretically be trained to distinguish visible from hidden text, most deployed tools apparently do not perform this task by default. Barracuda recommends that enterprises adopt a layered email security approach rather than relying solely on keyword detection, including checks of sender reputation, authentication results, embedded URLs, HTML-rendering techniques, and the detection of discrepancies between user-visible and hidden content.

Context & Analysis

Text salting is not a new attack vector; it has been used against traditional secure email gateways for years and is rooted in early 2000s spam-evasion techniques. Modern email security systems have largely adapted to these tactics by implementing defenses such as hidden-text removal, alerting on suspicious volumes of concealed content, and other countermeasures. However, the shift toward LLM-based and machine-learning security tools has created a regression: these newer AI systems process email content without inherent awareness of the distinction between visible and hidden text. While they can theoretically be trained to make this distinction, most deployed tools apparently lack this capability by default. The result is that attackers have found a way to exploit a gap in AI's capabilities that older, more specialized security software had already closed, exposing enterprises that have adopted AI-only or AI-dominant email filtering strategies to an old threat wearing new clothes.

FAQ

What is text salting and how does it hide from humans?
Text salting peppers malicious emails with random, harmless-seeming words. Attackers use CSS cropping to hide text outside a visible window, text manipulation to move filler content off-screen, or zero-font techniques to insert misleading words between visible phishing copy—so machines see gibberish and ignore the email as benign, while humans see only the attacker's intended message.
Why do AI email filters fall for text salting when older filters don't?
LLMs and machine-learning systems are typically designed to process email text plainly with no understanding of whether text is visible or hidden to the user; they can be trained to detect hidden content, but most tools probably aren't doing that by default, according to Barracuda.
How many phishing attacks used text salting?
Barracuda detected more than one million retail-themed phishing attacks using text salting since April.

Get AI news like this every morning

AI-summarized, only the topics you pick — one digest a day via Email, Slack, or Discord.

Free · takes 30 seconds · unsubscribe anytime

Discussion

No discussion yet for this article

Stay ahead with AI news

Get curated AI news from 200+ sources delivered daily to your inbox. Free to use.

Get Started Free

Free · takes 30 seconds · unsubscribe anytime

1 minute a day. The AI essentials.

200+ sources · Email / LINE / Slack

Get it free →