Penetration Testing Experts



This past year has been a long, tough year for most of us. Chances are that you would like nothing more than to relax, let your guard down (and your hair), and enjoy a well-deserved break.

It’s a great idea, but the problem is that scammers and hackers are expecting exactly that. They know that the festive period offers more opportunities to exploit any weakness in your cyber defenses and any lapse in attention to detail.

Case in point: did you know that a phishing email scam has recently been making its way around the web that uses a tiny font to bypass security? The campaign is called One Font, after the one-point font that the malicious code is written in, which is extremely tiny and hard to read. (For comparison, this text is written in 11-point font.)

Cybertalk reports that One Font emails use links coded within the <font> tag. When paired with other obfuscation techniques, this tactic can destroy the effectiveness of email filters that leverage NLP in their analyses, according to Jeremy Fuchs, a cyber security researcher with Avanan.

“This breaks semantic analysis, which leads many solutions to treat it as a marketing email, as opposed to phishing,” says Fuchs. “Natural language filters see random text; human readers see what the attackers want them to see.”

Clicking on any of the links in the emails takes the user to a fake URL, where they will be prompted to type in their credentials. From there, it’s easy for bad actors to pinch your credentials and deploy them in ways that undermine your online identity and steal your assets.

It is a tricky, successful campaign, but there are solutions if you know what to look for and you have a sophisticated security team like 2|SEC behind you. ‘Implementing a security architecture that focuses on multiple factors in identifying and blocking malicious emails can help mitigate attacks,’ is a great start.
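
One defensive counter to the mismatch Fuchs describes, as an added example that is not code from Cybertalk, Avanan or 2|SEC: split an HTML email body into the text a reader can see and the text styled at an unreadably small size, so content analysis runs on what the human sees and the hidden share becomes a signal of its own. The 2pt threshold, the names used and the sample message are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

TINY_PT = 2.0   # assumption: text at or below this size is unreadable to a person
VOID = {"br", "img", "hr", "meta", "input", "link", "wbr"}   # tags with no end tag
CSS_SIZE = re.compile(r"font-size\s*:\s*(\d*\.?\d+)\s*(pt|px)", re.I)

class VisibleTextSplitter(HTMLParser):
    """Separates text a reader can see from text rendered in a tiny font."""
    def __init__(self):
        super().__init__()
        self.stack = []                  # (tag, effective_tiny) per open element
        self.visible, self.hidden = [], []

    def handle_starttag(self, tag, attrs):
        tiny = self.stack[-1][1] if self.stack else False   # font-size inherits
        m = CSS_SIZE.search(dict(attrs).get("style") or "")
        if m:                            # an explicit size overrides the parent's
            size = float(m.group(1))
            if m.group(2).lower() == "px":
                size *= 0.75             # CSS: 1px = 0.75pt
            tiny = size <= TINY_PT
        if tag not in VOID:
            self.stack.append((tag, tiny))

    def handle_endtag(self, tag):
        for i in range(len(self.stack) - 1, -1, -1):   # tolerate unclosed tags
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

    def handle_data(self, data):
        tiny = self.stack[-1][1] if self.stack else False
        (self.hidden if tiny else self.visible).append(data)

def analyse(html):
    """Return the visible text, the hidden text and the hidden share by length."""
    p = VisibleTextSplitter()
    p.feed(html)
    p.close()
    # Visible chunks are joined without a separator so that words split by
    # hidden filler are restored to what the reader actually sees.
    visible = " ".join("".join(p.visible).split())
    hidden = " ".join(" ".join(p.hidden).split())
    total = len(visible) + len(hidden)
    return {"visible": visible, "hidden": hidden,
            "hidden_ratio": len(hidden) / total if total else 0.0}

# Constructed sample, not taken from a real campaign.
SAMPLE = ('<p>Your pass<font style="font-size:1pt">zq lorem kx</font>word expires '
          'today. <a href="https://example.invalid/login">Keep <span style='
          '"font-size:0px">vw jt</span>same password</a></p>')
```

Feeding `analyse(SAMPLE)["visible"]` to a content classifier, and treating a high `hidden_ratio` as one signal among several, fits the multi-factor approach quoted above.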


Aside from One Font, there are many scammers out there trying to trick you into spending money in the wrong places online. Here are a few quick reminders of what you should and shouldn’t do before you start spending freely on exotic Christmas gifts and end-of-year treats:

● Stick to secure and reputable sites: don't follow a link; type the URL into your browser instead
● Ensure the address begins with https:// and not http://
● Use a credit card for purchases over £100
● Try and use PayPal if you can

And while we’re on the subject of handy tips, remember this about your passwords, which are one of the most effective tools that you have at your disposal:

● Use a strong and separate password for your email
● Create passwords using 3 random words
● Turn on 2FA
● Update your devices
● Back up your data

In the days leading up to Xmas, 2|SEC is discussing the various ways that you can keep your data and cyber assets safe this winter. Follow us on LinkedIn to get daily updates and tips from 2|SEC.

And if you’re ready to deploy a security team that knows what you need and how to keep you safe so you can relax, then reach out to 2|SEC today.
