Why attackers are using hidden text salting to evade email filters

Update: 2025-02-12

Description

In this episode Hazel chats with Omid Mirzaei, a security research lead in the email threat research team at Cisco Talos.

Omid and several Talos teammates recently released a blog on hidden text salting (or poisoning) within emails and how attackers are increasingly using this technique to evade detection, confuse email scanners, and essentially try and get phishing emails to land in people’s inboxes.

Hidden text salting is a simple yet effective technique for bypassing email parsers, confusing spam filters, and evading detection engines that rely on keywords. The idea is to include some characters into the HTML source of an email that are not visually recognizable.

For more, head to the Talos blog

Comments

In Channel

Tampered Chef: When Malvertising Serves Up Infostealers

2025-09-1811:22

Inside the Black Hat NOC: Lessons in Securing One of the Wildest Networks

2025-09-0323:05

Breaking Down Chaos: Tactics and Origins of a New RaaS Operation

2025-08-0115:33

Why Attackers Love Your Remote Access Tools

2025-07-1714:22

Teaching LLMs to spot malicious PowerShell scripts

2025-06-2616:16

How cybercriminals are camouflaging threats as fake AI tool installers

2025-06-0517:05

Inside the attack chain: A new methodology for tracking compartmentalized threats

2025-05-2216:29

Follow the motive: Rethinking defense against Initial Access Groups

2025-05-1516:38

Year in Review special pt. 4: How AI is influencing the threat landscape?

2025-05-0132:19

Year in Review special part 3: Identity and MFA attacks

2025-04-2422:58

Year in Review special part 2: The biggest ransomware trends

2025-04-1718:41

Year in Review special part 1: vulnerabilities, email threats, and adversary tooling

2025-04-1018:15

A blueprint for protecting major events

2025-02-2613:43

Why attackers are using hidden text salting to evade email filters

2025-02-1209:59

How to establish a threat intelligence program (Cisco Live EMEA preview)

2025-02-0516:01

Web shell frenzies, the first appearance of Interlock, and why hackers have the worst cybersecurity: IR Trends Q4 2024

2025-01-3113:59

Exploring vulnerable Windows drivers

2025-01-1515:24

It's the 35th anniversary of ransomware - let's talk about the major shifts and changes

2024-12-1123:28

Unwrapping the emerging Interlock ransomware attack

2024-11-1415:02

It's Taplunk! Talos and Splunk threat researchers meet to put the security world to rights

2024-10-3150:38

00:00

Why attackers are using hidden text salting to evade email filters

#box-pro-ellipsis-175871757527569{-webkit-line-clamp:2;}Why attackers are using hidden text salting to evade email filters

Why attackers are using hidden text salting to evade email filters

Cisco Talos

Why attackers are using hidden text salting to evade email filters