Phishing Tactic Hides Tracks with Custom Fonts

January 4, 2019

The phishing campaign is using a new technique to hide the source code of its landing page – and stealing credentials from customers of a major U.S.-based bank.

An insidious phishing method evades detection using a never-before-seen technique that leverages custom fonts to cover its tracks.

Researchers at Proofpoint recently discovered an active credential harvesting phishing scheme. Once a victim has clicked on the initial phishing email, the resulting landing page looks like a login page for a major U.S. bank – but in reality the page is bent on stealing banking customers’ credentials, Chris Dawson, threat intelligence lead at Proofpoint, told Threatpost. The phishing kit uses custom web fonts to obfuscate the source code for the landing page – making it seem harmless.

Complete article on threatpost.com


A strong cybersecurity strategy starts with secure backups in case you ever need to restore your data.  CYF4® – Enveloc® FedRAMP Azure Government Cloud Backup uses the Azure Government Cloud combined with End-to-End AES 256-bit encryption to protect your data.