--- title: "Phishing Emails Just Became Even Harder to Spot with Invisible Text | DuoCircle" description: "Let’s face it, hackers do whatever they can to get you to click on their link. And they have a lot of tools in their toolbox to get you to click." image: "https://www.duocircle.com/images/og-default.png" canonical: "https://www.duocircle.com/blog/phishing-protection/phishing-emails-just-became-even-harder-to-spot-with-invisible-text/" --- Quick Answer Attackers are using zero-font and Unicode soft-hyphen techniques to slip phishing emails past Secure Email Gateways. The earlier method inserted invisible characters between letters of trigger phrases like password expired or Office 365 so SEGs would not match keyword rules. SEGs adapted by detecting those zero-width characters. The counter-move uses the Unicode soft hyphen (U+00AD): every letter in the trigger phrase is separated by a soft hyphen, which renders as nothing in the email client but is a legitimate character the SEG sees and accepts, so the rule never fires. Awareness training cannot defend against this because users see clean text. Filtering needs to evaluate where embedded links actually point and quarantine messages whose destinations are unsafe, regardless of body content. Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fphishing-protection%2Fphishing-emails-just-became-even-harder-to-spot-with-invisible-text%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Phishing%20Emails%20Just%20Became%20Even%20Harder%20to%20Spot%20with%20Invisible%20Text&url=undefined%2Fblog%2Fphishing-protection%2Fphishing-emails-just-became-even-harder-to-spot-with-invisible-text%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fphishing-protection%2Fphishing-emails-just-became-even-harder-to-spot-with-invisible-text%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fphishing-protection%2Fphishing-emails-just-became-even-harder-to-spot-with-invisible-text%2F&title=Phishing%20Emails%20Just%20Became%20Even%20Harder%20to%20Spot%20with%20Invisible%20Text "Share on Reddit") [ ](mailto:?subject=Phishing%20Emails%20Just%20Became%20Even%20Harder%20to%20Spot%20with%20Invisible%20Text&body=Check out this article: undefined%2Fblog%2Fphishing-protection%2Fphishing-emails-just-became-even-harder-to-spot-with-invisible-text%2F "Share via Email") ![Phishing Emails](https://media.mailhop.org/duocircle/images/2020/08/365-to-365-migration-3330.jpg) Let’s face it, _hackers do whatever they can to get you to click on their link_. And they have a lot of tools in their toolbox to get you to click. _Everything from social engineering to display name spoofing to domain name spoofing_. It’s all to get you to do one thing: **click the link**. Now, _they’ve come up with something that may be harder to defend yourself against: invisible text_. To be sure, hackers have been using techniques similar to this for a while. According to an article on [Dark Reading](https://www.darkreading.com/attacks-breaches/attackers-use-unicode-and-html-to-bypass-email-security-tools/d/d-id/1338739?%5Fmc=rss%5Fx%5Fdrr%5Fedt%5Faud%5Fdr%5Fx%5Fx-rss-simple), “Attackers are continuously testing enterprise **security systems** and exploring new ways to get through. Some rely on hidden text and [zero-font attacks](https://www.inky.com/blog/dually-deceptive-two-new-phishing-scams-swimming-by-your-seg), in which they put **invisible characters** between the letters of an email so it doesn’t trigger **email defenses** with phrases like “password expired” or “Office 365.” These malicious emails appear legitimate to any unsuspecting user.” In response to this hidden text tactic, Secure Email Gateways (SEG) started looking for it so it could reject emails with these obviously **hidden letters**. And that worked for a while. _But it wasn’t long before hackers had their own counter move: the soft hyphen_. Continuing from the article, “_To get around that, the attackers have used the Unicode Soft Hyphen_. To the user, it is all invisible. In a text editor, the soft hyphen appears as you’d expect, a hyphen. However, the text editor also shows that every letter is separated by a soft hyphen. What is important here is that the SEG also sees the soft hyphen. As such, the phrases are **not flagged** at all. _It is this that is defeating the SEG and failing to mark the email as malicious_.” From [Security Boulevard](https://securityboulevard.com/2020/08/there-but-not-there-phishing-emails-using-invisible-text/), “This type of **phishing scam** is nasty because the average person has no idea the capability to sneak in this type of code existed.”In other words, all the [security awareness training](/phishing-protection/latest-research-confirms-the-ineffectiveness-of-security-awareness-training/) in the world will not protect you from an exploit this sophisticated. [![Phishing Protection](https://media.mailhop.org/duocircle/images/2020/08/cross-tenant-migration-office-365-2535.jpg)](https://media.mailhop.org/duocircle/images/2020/08/cross-tenant-migration-office-365-2535.jpg) _You’re going to need some help to protect your organization from an attack like this_. Introducing a little help: [Phishing Protection](/email/phishing-protection) from DuoCircle. Phishing Protection works because _it doesn’t care whether there are soft hyphens or not_. The only thing it cares about is where the links point to and is that destination safe. And if it’s not, _Phishing Protection quarantines the email_, keeping it out of your inbox so you can’t click the link, which is the only thing the hackers want you to do. Phishing Protection is cloud-based, _so there’s nothing to buy, no maintenance and sets up in 10 minutes_. It works with all major email services and only costs pennies per user per month. Try Phishing Protection for **free for 60 days**. Don’t let those clever hackers win. ![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) Brad Slavin General Manager General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio. ## Secure your email infrastructure Protect, authenticate, and deliver. Contact our team to find the right solution. [Contact Sales](/contact/) [Explore Products](/products/) ## Related Articles [ Phishing 11m AI-Generated Phishing Has Eliminated the Typo: Why Traditional Email Filters Are No Longer Enough Apr 28, 2026 ](/blog/ai-generated-phishing-eliminates-typos-making-traditional-email-filters-ineffective/)[ Phishing 5m 10 Applications of ChatGPT that Hackers Are Already Exploiting May 3, 2023 ](/blog/phishing-protection/10-applications-of-chatgpt-that-hackers-are-already-exploiting/)[ Phishing 4m 65% of Global Businesses Ill-Equipped to Defend Against Email-Based Cyber-Attacks Mar 29, 2016 ](/blog/phishing-protection/65-global-businesses-ill-equipped-defend-email-based-cyber-attacks/)[ Phishing 9m 7 Ways to Protect Your Organization from Email-based Ransomware Attacks Feb 11, 2018 ](/blog/phishing-protection/7-ways-protect-organization-email-based-ransomware-attacks/) ```json {"@context":"https://schema.org","@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}],"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://www.g2.com/products/phish-protection-by-duocircle/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://support.duocircle.com"},"knowsAbout":["Email Security","Email Authentication","SPF","DKIM","DMARC","Phishing Protection","Spam Filtering","SMTP Relay","Email Deliverability","Email Forwarding"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"DuoCircle LLC","url":"https://www.duocircle.com","description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}} ``` ```json [{"@context":"https://schema.org","@type":"BlogPosting","headline":"Phishing Emails Just Became Even Harder to Spot with Invisible Text","description":"Let’s face it, hackers do whatever they can to get you to click on their link. And they have a lot of tools in their toolbox to get you to click.","url":"https://www.duocircle.com/blog/phishing-protection/phishing-emails-just-became-even-harder-to-spot-with-invisible-text/","datePublished":"2020-08-26T18:18:18.000Z","dateModified":"2025-06-16T14:23:22.000Z","dateCreated":"2020-08-26T18:18:18.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/phishing-protection/phishing-emails-just-became-even-harder-to-spot-with-invisible-text/"},"articleSection":"phishing-protection","keywords":"","wordCount":461,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2020/08/365-to-365-migration-3330.jpg","caption":"Phishing Emails","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}},{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":2,"name":"Phishing"},{"@type":"ListItem","position":3,"name":"Phishing Emails Just Became Even Harder to Spot with Invisible Text","item":"https://www.duocircle.com/blog/phishing-protection/phishing-emails-just-became-even-harder-to-spot-with-invisible-text/"}]}] ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://www.duocircle.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":3,"name":"Phishing","item":"https://www.duocircle.comundefined"},{"@type":"ListItem","position":4,"name":"Phishing Emails Just Became Even Harder to Spot with Invisible Text","item":"https://www.duocircle.com/blog/phishing-protection/phishing-emails-just-became-even-harder-to-spot-with-invisible-text/"}]} ``` ```json {"@context":"https://schema.org","@type":"BlogPosting","headline":"Phishing Emails Just Became Even Harder to Spot with Invisible Text","description":"Let’s face it, hackers do whatever they can to get you to click on their link. And they have a lot of tools in their toolbox to get you to click.","url":"https://www.duocircle.com/blog/phishing-protection/phishing-emails-just-became-even-harder-to-spot-with-invisible-text/","datePublished":"2020-08-26T18:18:18.000Z","dateModified":"2025-06-16T14:23:22.000Z","dateCreated":"2020-08-26T18:18:18.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/phishing-protection/phishing-emails-just-became-even-harder-to-spot-with-invisible-text/"},"articleSection":"phishing-protection","keywords":"","wordCount":461,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2020/08/365-to-365-migration-3330.jpg","caption":"Phishing Emails","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}} ```