English

Exploring Content Concealment in Email

Cryptography and Security 2024-10-16 v1 Networking and Internet Architecture

Abstract

The never-ending barrage of malicious emails, such as spam and phishing, is of constant concern for users, who rely on countermeasures such as email filters to keep the intended recipient safe. Modern email filters, one of our few defence mechanisms against malicious emails, are often circumvented by sophisticated attackers. This study focuses on how attackers exploit HTML and CSS in emails to conceal arbitrary content, allowing for multiple permutations of a malicious email, some of which may evade detection by email filters. This concealed content remains undetected by the recipient, presenting a serious security risk. Our research involved developing and applying an email sampling and analysis procedure to a large-scale dataset of unsolicited emails. We then identify the sub-types of concealment attackers use to conceal content and the HTML and CSS tricks employed.

Keywords

Cite

@article{arxiv.2410.11169,
  title  = {Exploring Content Concealment in Email},
  author = {Lucas Betts and Robert Biddle and Danielle Lottridge and Giovanni Russello},
  journal= {arXiv preprint arXiv:2410.11169},
  year   = {2024}
}

Comments

18 pages, 9 figures, 5 tables, currently accepted at the APWG Symposium on Electronic Crime Research 2024, but not yet published

R2 v1 2026-06-28T19:21:48.899Z