Cybersecurity researchers report a surge in phishing attacks using text salting, a longstanding technique that confuses AI-based email filters by inserting benign but misleading text designed to evade detection.

  • Text salting hides phishing content with random benign words to confuse AI filters.
  • More than one million retail-themed salted phishing emails detected since April.
  • Layered email security recommended beyond sole reliance on AI filtering.

What happened

Cybersecurity firm Barracuda has detected a notable increase in phishing attacks leveraging the text salting technique against AI-based email filters. This method involves embedding random, harmless-seeming words within malicious emails, misleading AI systems into classifying the messages as safe. Although text salting is a decades-old tactic previously used to evade traditional secure email gateways, it is now proving effective against modern AI-driven filters, including those powered by large language models (LLMs).

Attackers employ several sub-techniques, such as CSS cropping to hide text from human readers, manipulating text to move the filler words outside the visible screen, and using zero font sizes to conceal words from human eyes while keeping them visible to machine scanners. These methods result in emails that are decoded as benign by AI systems but appear as intended, often malicious, messages to human recipients.

Why it matters

The resurgence of text salting challenges the effectiveness of current AI-based spam filters and points out a critical gap in how these models process email content. Unlike traditional secure email gateways that inspect visible content thoroughly, many AI models process text without distinguishing visible from hidden content or rendering contexts, making them vulnerable to manipulation through embedded hidden words.

Given that over a million retail-themed salted phishing attacks have been observed since April, this technique poses a significant threat to enterprise email security. This signals that advancements in AI have not yet fully addressed long-known evasion techniques, highlighting the ongoing cat-and-mouse game between attackers and defenders in cybersecurity.

What to watch next

Enterprises should consider adopting layered email security strategies rather than relying solely on AI-driven content analysis. Barracuda recommends integrating checks on sender reputation, authentication verification, embedded URL analysis, HTML rendering inconsistencies, and cross-examination of user-visible versus hidden content to improve detection accuracy.

The evolution of AI spam filters will likely include training models to better recognize hidden text manipulations and contextual rendering differences. Meanwhile, organizations must remain vigilant and cautious about over-reliance on AI filtering tools alone, possibly combining traditional methods and human oversight to mitigate the risks posed by sophisticated phishing attacks.

Source assisted: This briefing began from a discovered source item from The Register Headlines. Open the original source.
How SignalDesk reports: feeds and outside sources are used for discovery. Public briefings are edited to add context, buyer relevance and attribution before they are published. Read the standards

Related briefings