Email salting attacks

Email salting attacks: the whats, whys, and hows

ByBrad Slavin
Email salting attacks
DMARC Report
Email salting attacks: the whats, whys, and hows
Loading
/

Threat actors always prefer staying a step ahead of the cybersecurity mechanisms. Just when brands and organizations were feeling relieved, a whole new email-based threat attack entered the scene. Known as the email salting attack, it is a clever and sophisticated move by threat actors to bypass email security measures and spam filters. The core purpose of this attacking strategy is to evade detection mechanisms and carry out malicious tasks such as business email compromise, ransomware attacks, phishing email delivery, and social engineering attacks. Reputed names such as Norton LifeLock and Wells Fargo have already fallen prey to email salting attacks.

This blog aims to explore this newly emerging attack tactic that currently poses a huge threat to email communication systems across the globe.

Email salting attack: definition

An email salting attack is a powerful technique used by threat actors to insert hidden texts in the email content so that detection systems and security mechanisms fail to identify them. It is highly effective against spam filters and parsers that are dependent on specific keywords. 

Cybersecurity

Cyberattackers very smartly use the features of HTML and CSS to insert comments and keywords that can go undetected by cybersecurity systems. These irrelevant and malicious texts can successfully impact the efficiency of security systems and email parsers, thereby leading to threat attacks through email communications. There are multiple ways through which email salting attacks are carried out. As a result, this latest threat attack tactic is giving a hard time to cybersecurity experts

Traditionally, the salting tactic was not used to carry out malicious activities. Rather, it was used to strengthen the passwords to boost security. However, threat actors have started using this strategy against security mechanisms to penetrate email ecosystems. 

Cybercriminals use email salting attacks primarily for:

  • Bypassing spam filters by inserting hidden texts.
  • Increasing the chances of malicious email delivery into inboxes instead of spam folders.
  • Evading different email analysis tools that are reliant on specific patterns and keywords.
email analysis tools

Types of email salting techniques  

There are four major types of email salting techniques popular among threat actors. These are:

1. Hidden text salting

This email salting attack involves the insertion of unclear or hidden texts into emails. These hidden messages can include:

White texts

It is impossible to detect or decipher any white text that is written on a white background. This is a popular hidden text salting tactic used by threat actors to sneak in malicious texts.

Invisible Unicode characters

Zero-width characters or Unicode characters are easily inserted within email content in order to evade spam filters and parsers that depend on keywords for successful spam detection.

Commands

Commands like font-size:0 and display: none are also used to manipulate CSS properties, thereby hiding spammy texts. 

CSS properties

2. Bayesian poisoning

Another smart email salting attack technique involves the insertion of random words that are harmless in nature into email content. The goal is to bypass Bayesian spam filters. These spam filters work on the principle of Bayesian probability to distinguish genuine messages from email spam. Threat actors try to evade these filters by inserting well-planned strings of words or even random words so that the emails are not flagged or delivered into spam folders. The Bayesian poisoning tactics make the malicious email appear superficially safe. 

3. Email header salting

This technique involves the insertion of misleading information in the Reply-to or Return-path fields of an email with the goal of modifying email headers. By manipulating the email headers, it gets easy for threat actors to bypass detection systems. This technique makes the malicious emails appear legitimate.

4. Unicode homoglyph attacks

This is another highly effective email salting technique that involves replacing genuine email content with malicious characters. It is impossible to detect any kind of tampering through the naked eye. For example, threat actors effectively replace ‘m’ with ‘rn’ to evade detection strategies

financial fraud

How do email salting attacks work?

Threat actors aim to achieve different malicious goals, such as data theft, financial fraud, and phishing. This is how email salting attacks are carried out step by step:

Target identification

First of all, the threat actors carry out detailed research about their victims by using social engineering tactics. The idea is to understand the communication patterns of the target closely.

Email manipulation

Next, lookalike email addresses are created by subtly altering the username or domain.

Message crafting

The threat actors pay extra attention to make the email sound convincing to the real sender. The email content can revolve around a fake login alert, an urgent request for payment, or even an invitation to click on a malicious link.

fake login alert

Delivery and deception

Next, upon receiving the email, the victim may think of it as legitimate and click on the link or share sensitive data.

Exploitation

Now, the threat actor can easily steal user credentials, share sensitive data, or install malware.

How to mitigate email salting attacks?

It is possible to mitigate email salting attacks by implementing the below-mentioned strategies:

install malware

Visual content analysis

Visual content analysis can easily identify hidden messages within emails. It is a highly effective tactic to detect invisible texts and commands.

Advanced filtering

This is a complete game-changer strategy to successfully detect email salting attacks. With advanced filtering systems, it gets easier to identify unusual HTML structures and hidden texts. Filtering tactics can be used to detect questionable commands such as visibility: hidden and display: none. With these filtering systems, it is possible to analyze the HTML source structures. By evaluating the structure, one can detect unnecessary usage of inline styles or hidden elements. 

AI and machine learning

Artificial Intelligence can effectively mitigate email salting threats. There are multiple AI-driven tools that can help identify email salting attack trends. Implementing SPF, DKIM, and DMARC can help mitigate email salting attacks by ensuring email authentication, preventing domain spoofing, and blocking malicious emails before they reach the recipient’s inbox. 

Wrapping up!

It is possible to evade email salting attacks by staying vigilant and adopting the right security protocols. Also, training employees can help identify suspicious emails. With such sophisticated cyberattacking strategies coming up every now and then, the only way to safeguard your system and data is to stay aware and take proactive measures to strengthen your email defense mechanism

Similar Posts

Apple Fixes USB, Embargo Leaks Data, Politics Hinder Cybersecurity

Apple Fixes USB, Embargo Leaks Data, Politics Hinder Cybersecurity

ByBrad Slavin

It’s the second week of February, and we are back once again with our weekly dose of fresh cyber news. Threat actors around the world are trying their best to sneak into systems and networks to impart critical damage. Meanwhile, cybersecurity experts are doing their best to curb this growing menace. Experts believe that rapid…

How to reach the DMARC reject policy for the ultimate protection against phishing and spoofing?

How to reach the DMARC reject policy for the ultimate protection against phishing and spoofing?

ByBrad Slavin

DMARC reject is the strictest policy, and every domain owner wants to set their DMARC records to this; however, the confidence to use this policy is difficult to come by. Banking, defense, healthcare, and other industries that deal with sensitive data rigorously aim to reach the ‘reject’ policy as soon as possible because their risk…

How to Create a DMARC Record in GoDaddy for Enhanced Email Security

How to Create a DMARC Record in GoDaddy for Enhanced Email Security

ByBrad Slavin

To create a DMARC record in GoDaddy, log into your account, navigate to DNS Management for your domain, and add a new TXT record with the name “_dmarc” and the value “v=DMARC1; p=quarantine; pct=100; rua=mailto:your-email@example.com” (replacing ‘your-email@example.com’ with your administrator email). Finally, save your changes, keeping in mind that DNS updates may take up to…

4 situations in which you should use the DMARC’s p=none policy

4 situations in which you should use the DMARC’s p=none policy

ByBrad Slavin

DMARC has three policies— none, quarantine, and reject. The ‘quarantine’ and ‘reject’ policies are strict and are used the most. However, there are cases where the ‘none’ policy is ideal. The ‘none’ policy is enforced using the p=none tag in a DMARC record. It instructs the receiving servers to take no action against unauthorized emails…