Exploring Content Concealment in Email
Lucas Betts, Robert Biddle, Danielle Lottridge, Giovanni Russello

TL;DR
This paper investigates how attackers use HTML and CSS techniques to conceal malicious content in emails, evading filters and posing security risks, by analyzing a large dataset of unsolicited emails.
Contribution
It introduces a novel analysis procedure to identify HTML and CSS-based concealment techniques used by attackers in email content.
Findings
Identified multiple sub-types of content concealment methods.
Documented specific HTML and CSS tricks used for concealment.
Demonstrated the effectiveness of the analysis procedure on large datasets.
Abstract
The never-ending barrage of malicious emails, such as spam and phishing, is of constant concern for users, who rely on countermeasures such as email filters to keep the intended recipient safe. Modern email filters, one of our few defence mechanisms against malicious emails, are often circumvented by sophisticated attackers. This study focuses on how attackers exploit HTML and CSS in emails to conceal arbitrary content, allowing for multiple permutations of a malicious email, some of which may evade detection by email filters. This concealed content remains undetected by the recipient, presenting a serious security risk. Our research involved developing and applying an email sampling and analysis procedure to a large-scale dataset of unsolicited emails. We then identify the sub-types of concealment attackers use to conceal content and the HTML and CSS tricks employed.
Taxonomy
Topics: Personal Information Management and User Behavior · Information and Cyber Security · Knowledge Management and Sharing
