Blog

Hidden Text Salting: A New Email Security Threat

By Mersad March 6, 2025

Email remains hackers’ first choice for launching attacks on unsuspecting companies because it’s easy, inexpensive, and effective. Phishing messages take advantage of the weakest link in any security strategy—humans—and for every tool security experts develop to close that gap, cybercriminals find a way around it. 

Hidden text salting is the latest approach to thwarting email security, and it’s deceptively simple. 


The Email Security Threat That Hides in Plain Sight 

Security researchers at Cisco Talos recently released a guide detailing how criminals are “seasoning” emails with irrelevant language and hidden elements in the HTML or CSS code. This hidden text salting makes email security bypass easier because it confuses the spam filters, email parsers, and other tools that detect the signs of phishing messages. 


The result? Even powerful email filters become confused and allow potentially harmful messages to pass through and land in your employees’ inboxes. For example, the hackers embedded French words in one attack in an email. The spam filter didn’t recognize them, and instead of directly sending the messages to the junk mail folder, it delivered them to the inbox. 


Other attacks exploit features in the coding languages that control the appearance of the email. Hackers can include a “visibility:hidden” command in the email code to disguise traits that would normally trigger email security controls. 


Whatever approach the hackers take, these email scam techniques are effective and can have significant consequences for your business. 


How You Can Counter Hidden Text Evasion Techniques and Protect Your Company

Even when you follow expert recommendations for email security, including in-depth employee education, training, and testing, hidden text salting represents a significant challenge to your security stance. Your employees can’t react to what they can’t see, and when an email is otherwise convincing, it’s easy to see why they can slip through. 


That’s why your IT security team needs to implement new tools and policies to address salting in phishing attacks. Experts recommend several tactics to accomplish this. 


Read Emails in Plain Text Mode 

Emails delivered in plain text mode might not be as visually appealing as those with HTML formatting, but removing those features eliminates a hacker’s ability to hide malicious code. Plain text doesn’t accommodate links or images, so there’s less risk that those elements can hide harmful content. 


Use Advanced Email Filtering Techniques 

Instead of setting your email filters solely on keywords, addressing hidden text salting requires upgrading the filters to detect abuse of HTML and CSS properties. Scanning the structure and design of the email, in addition to its content, can catch some poisoned messages before they land in inboxes. 


Implement AI Tools 

Protecting your company from phishing attempts as criminals become more sophisticated requires using more sophisticated tools. AI-powered email security solutions use machine-learning models to evaluate messages, identify threats, and thwart messages that contain hidden text salting and elements designed to evade detection. With powerful AI and visual feature-based detection techniques, your company is less likely to become a victim of a phishing attack.



Used with permission from Article Aggregator

Related Posts

By Mersad September 23, 2025
How can a small-scale establishment stand out in today's competitive market? With the shift toward digital-first experiences, mobile apps help businesses stay relevant and accessible, no matter their size. Learn more about them here.
By Mersad September 22, 2025
Many businesses across various industries have already implemented a remote work model. Around 35% of Silicon Valley workers, for example, now work from home, a sharp rise from the 2019 pre-pandemic period's 6%, and for good reason. This shift brings many worthwhile advantages, including:
By Mersad September 20, 2025
There’s no question that the traditional username and password combination is a weak link when it comes to online security. For several years, experts have encouraged businesses to implement passkeys to overcome the pitfalls of traditional passwords, which have become increasingly vulnerable to cybercriminals.
By Mersad September 19, 2025
Just how safe is your establishment from online threats? A new phishing scam is making waves and targeting US-based organizations. Learn more about it here so you can bolster your defenses.
By Mersad September 18, 2025
Are you finding it harder to keep your offerings profitable over time? By investing in innovation, establishments can predict and control physical wear, combat obsolescence, and even discover new utilization opportunities. Learn more about technology for longer product lifecycles here.

Contact Information

1035 Medina Rd, Suite #800

Medina, OH 44256