Invisible Phishing Tactics: Why “Shy Z-WASP” is Still a Buzzkill for Email Security

Phishing messages are getting sneakier with the use of zero-width characters, like the SHY and Z-WASP techniques. These “invisible” tricks can bypass security checks and fool even the most alert users. But don’t worry, Outlook’s Junk folder can help you spot these digital Houdinis with ease!

1P
Published: January 27, 2025 12:20 pmAdded: January 27, 2025 at 4:55 amAssembled by: The Editor
Pro Dashboard

Hot Take:

Oh, the Invisible Perils of the Digital World! Who knew that the scariest thing in your inbox might just be something you can’t see? Welcome to the world of ghostly phishing techniques where the spookiest features are zero-width and SHY characters. These phishers are truly taking ‘silent but deadly’ to a whole new level!

Key Points:

  • Phishers are using zero-width characters and unrendered HTML entities to evade detection.
  • The Z-WASP technique, discovered in 2018, utilizes zero-width characters to bypass security filters.
  • SHY HTML entities have been used since at least 2010 to obfuscate phishing messages.
  • Combining these techniques in emails is rare, but not unheard of.
  • Viewing emails without HTML formatting can help reveal hidden phishing attempts.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?