1

This is obviously not from PayPal, but the font in the word account displayed using odd looking font, is this a security risk to me that Outlook.com displayed this font? See below, Outlook has preview text enabled as default

enter image description here

Coderxyz
  • 562
  • 4
  • 9

1 Answers1

2

Nope, that's not actually a different font, it's Unicode. There's no exploit at work here.

Specifically, it's either another language's character set or, more likely, mathematical alphanumeric symbols like these, which are all rendered from the same font:

latin capital letters (screenshot from Wikipedia)

For other examples of abuse regarding mathematical alphanumerics, search twitter for fakeunicode mathematical or just follow @FakeUnicode, an account dedicated to the oddities of unicode and unicode abuse.

This is a technique used to evade spam detection.

Here's what a computer sees given rather than Account:

$ echo "Here's what a computer sees given  rather than Account" |hd
00000000  48 65 72 65 27 73 20 77  68 61 74 20 61 20 63 6f  |Here's what a co|
00000010  6d 70 75 74 65 72 20 73  65 65 73 20 67 69 76 65  |mputer sees give|
00000020  6e 20 f0 9d 99 b0 f0 9d  9a 8c f0 9d 9a 8c f0 9d  |n ..............|
00000030  9a 98 f0 9d 9a 9e f0 9d  9a 97 f0 9d 9a 9d 20 72  |.............. r|
00000040  61 74 68 65 72 20 74 68  61 6e 20 41 63 63 6f 75  |ather than Accou|
00000050  6e 74 0a                                          |nt.|

This hex dump shows that is not ASCII. is represented by three bytes, 0xf0 0x9d 0x99, which is U+1D670. Contrast with A, which a single byte, 0x41.

Most anti-spam systems parse text using patterns and/or models of word frequencies. By altering the text, your spammer has altered how the anti-spam systems see the message. This message's subject does not technically use the word "account", so a rule seeking that pattern or a model using that word won't recognize it.

Smarter anti-spam systems will account for this in some way by massaging the text into ASCII and/or by specifically hunting this sort of obfuscation technique. Word frequency models can learn about "words" like this as well.

Adam Katz
  • 9,718
  • 2
  • 22
  • 44
  • That is a great explanation, I wonder why Outlook actually allows unicode to show up in the text prevew parts of the email, it feels like a security risk in the way some people could be tricked into opening an email with drive by malware from dodgy tracking pixels. – Coderxyz Oct 06 '20 at 23:18
  • 1
    Not everybody corresponds in ASCII. Unicode is needed for nearly every other language. Why shouldn't Outlook's preview be able to say "Привет" or "שָׁלוֹם" or "Olá" ("Hello")? Where's the security risk? I do not know of any vulnerability that involves rendering Unicode. The only risk is that of [tofu](https://english.stackexchange.com/q/62524/112762 "Unicode replacement glyphs look like square blocks of tofu"). – Adam Katz Oct 07 '20 at 14:57