Application security, Email security

Over 1 million malicious emails found using text salting to fool AI scanners

More than 1 million email attacks were detected since April 2026 using text salting techniques to bypass keyword-based email security scans, including AI tools, Barracuda reported Thursday.

Text salting involves filling an email’s source code with hidden content containing benign keywords to avoid being classified as spam by security scanners, such as large language model (LLM) based scanners.

Automated scanners will read all of the text in the email, including the hidden content, while human users will only see the portion of the email containing the phishing attempt, luring them to click on a malicious link or divulge sensitive information.

Barracuda observed this technique being used in phishing campaigns leveraging rewards, gifts cards and other time-sensitive redemption offers as lures to trick users.

The extra content, which may include random stories, conversations or seemingly legitimate work-related notes, is designed to outweigh suspicious keywords such as “rewards” or “card” with harmless keywords that lead scanners to misclassify them as benign.

The researchers believe attackers are also using AI to help generate these malicious emails to create unique benign content for each email and automatically embed the hidden content around the malicious lures.

“It allows a dangerous 20-word link to be hidden inside a 400-word invisible story that appears safe and positive, tricking the security AI,” the researcher wrote.

The techniques used to hide the content from human viewers are usually layered to ensure the salted content remains out of view even if one technique fails. These methods use CSS and HTML in the source code to manipulate the way browsers display the email content.

CSS properties may be used to crop the visible area containing the extra content by 100% on all sides using “clip-path: inset (100%)” and cut the vertical size of the text block down to zero using “max-height:0” and “line-height:0”.

The text can also be made to display far outside of the email viewing window with a property such as “text-indent: -9999px” along with the property “Overflow: Hidden” to prevent a horizontal scrollbar from appearing that would allow the user to scroll to the hidden content.

Setting the text size to zero (“font-size: 0px”), making it invisible, can be used in conjunction with these techniques but can also be used to embed salted content in between malicious content to break up suspicious keywords or phrases such as “Your password expired.” A benign word could be inserted between “pass” and “word” to prevent the word “password” from being detected.

Barracuda also noted that the domains used to send emails for these phishing campaigns included both compromised legitimate websites and fake lookalike websites, which were configured with DKIM to pass email authentication checks.

The company recommended organizations use a layered approach to email security, not relying on one method or email scanner to protect users from malicious phishing content.

“This involves strengthening email security analysis with controls that can evaluate message structure, sender reputation, behavioral anomalies, authentication results, embedded links, HTML-rendering techniques, and the user-visible content,” the researchers concluded.

You can skip this ad in 5 seconds