Phishing Template Uses Fake Fonts

A unique phishing template using fake fonts to evade detection and to better steal user credentials for a major US bank has been discovered, according to new research from Proofpoint. Researchers identified what they are calling a first-of-its kind phishing template that uses fake fonts to exploit web font features typically used by developers to deploy a range of fonts on user devices. This new template uses fake web fonts to render well-crafted phishing pages to harvest credentials impersonating a major US bank, the research said. Researchers listed several email addresses that were associated with the phishing kit within the PHP source codes and hard-coded as recipients of stolen credentials. In addition, researchers explained,“when the phishing landing page renders in the browser, users are presented with a typical online banking credential phish leveraging stolen bank branding. However, the source code of the page includes unexpectedly encoded display text."