A new, highly effective phishing technique known as “Zero-Point” has emerged, successfully bypassing Microsoft 365’s Advanced Threat Protection (ATP). Attackers embed the entire phishing URL into a nearly invisible, single-pixel image, which is then layered over a benign image. Human users click the visible image, but the link points to the malicious hidden layer, confusing URL scanners.
Business Impact
This attack defeats the automated URL-scanning mechanisms used by cloud email providers. The high camouflage rate dramatically increases click-through rates, leading to massive credential theft campaigns just before the holiday period.
Why It Happened
The technique exploits a discrepancy in how email clients render layered images versus how cloud security gateways scan the HTML code. The scanner sees the benign link first and passes the email.
Recommended Executive Action
Update email security rules to flag emails containing highly layered or single-pixel image attachments. Enhance employee training to focus on “trust signals” and external links, emphasizing that **all** unexpected requests for credentials are fraudulent.
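As a starting point for such a rule, the sketch below (an added example, not code from the original brief or from any vendor) parses an HTML body and flags linked single-pixel images and overlaid linked images that resolve to different hosts. The sample bodies, host names, the reading of "layered" as inline `position:absolute`, and the 1-pixel threshold are all assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample bodies for illustration; hosts are placeholders.
SUSPECT = ('<div style="position:relative">'
           '<a href="https://intranet.example/news"><img src="cid:banner" width="600" height="200"></a>'
           '<a href="https://login.example.invalid/reset"><img src="cid:dot" width="1" height="1" '
           'style="position:absolute;top:0;left:0"></a></div>')
BENIGN = ('<a href="https://intranet.example/news"><img src="cid:banner" width="600" height="200"></a>'
          '<img src="https://tracker.example/open.gif" width="1" height="1">')  # unlinked pixel

def _px(attrs, name):
    """Pixel size from the HTML attribute or inline style; None if not stated."""
    m = re.fullmatch(r"\s*(\d+)(?:px)?\s*", attrs.get(name) or "")
    if not m:
        m = re.search(rf"(?<![-\w]){name}\s*:\s*(\d+)px", attrs.get("style") or "", re.I)
    return int(m.group(1)) if m else None

class LinkedImages(HTMLParser):
    """Record (link host, is_tiny, is_overlay) for each <img> inside an <a href>."""
    def __init__(self):
        super().__init__()
        self.hrefs, self.images = [], []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self.hrefs.append(a.get("href") or "")
        elif tag == "img" and self.hrefs:
            w, h = _px(a, "width"), _px(a, "height")
            tiny = w is not None and h is not None and w <= 1 and h <= 1
            overlay = "position:absolute" in (a.get("style") or "").lower().replace(" ", "")
            self.images.append((urlsplit(self.hrefs[-1]).hostname, tiny, overlay))
    def handle_endtag(self, tag):
        if tag == "a" and self.hrefs:
            self.hrefs.pop()

def flag_reasons(html):
    """Return the heuristic reasons, if any, to flag this HTML body."""
    p = LinkedImages()
    p.feed(html)
    reasons = []
    if any(tiny for _, tiny, _ in p.images):
        reasons.append("single-pixel image carries a link")
    if len({h for h, _, _ in p.images}) > 1 and any(t or o for _, t, o in p.images):
        reasons.append("layered linked images point to different hosts")
    return reasons
```

Unlinked 1x1 tracking pixels are deliberately ignored to limit false positives; positioning applied through `<style>` blocks or classes is not inspected by this sketch.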
