Hidden Words, Invisible Attacks: How Hackers Used 1 Million Phishing Emails to Outsmart AI Security Filters + Video

Listen to this Post

Featured ImageIntroduction: The New Battle Between Human Creativity and Artificial Intelligence

Cybersecurity has entered a new era where attackers are no longer relying only on malicious files, fake websites, or obvious scams. Instead, they are learning how to manipulate the same artificial intelligence technologies that defenders use to protect users.

A recent phishing campaign involving more than one million emails revealed a troubling weakness in modern AI-powered security systems. Attackers used a decades-old technique known as text salting, hiding harmless-looking words inside email code to confuse automated security filters while keeping the real phishing message visible to human victims.

The discovery highlights a growing problem in cybersecurity: artificial intelligence is becoming both a powerful defense mechanism and a powerful weapon for attackers. While security companies continue improving AI detection systems, criminals are using large language models to create, modify, and scale attacks faster than ever before.

The Million-Email Campaign That Exposed AI Security Weaknesses

Researchers discovered that since April, more than one million retail-themed phishing emails had successfully used hidden text techniques to bypass email security systems. The campaign focused on common social engineering tricks, including fake rewards, loyalty points, gift cards, and urgent promotional offers designed to pressure victims into clicking malicious links.

At first glance, these emails appeared to be low-quality scams. They contained obvious marketing language, suspicious offers, and weak attempts at brand impersonation. A human reader could easily recognize many of them as suspicious.

However, automated security systems were not analyzing emails the same way humans were.

The attackers were not trying to make phishing emails look realistic. Instead, they were manipulating the invisible technical structure underneath the email, targeting the way security gateways interpret content.

Why Traditional Email Security Filters Failed

Secure Email Gateways, commonly known as SEGs, act as security checkpoints between attackers and users. They examine incoming messages and decide whether emails should reach an inbox or be blocked.

The first layer of protection is usually straightforward.

Security systems check sender reputation, domain ownership, authentication standards, and suspicious links. Many phishing campaigns fail immediately because attackers use fake domains or fail authentication checks.

However, the more difficult challenge is understanding the actual meaning of an email.

Security tools analyze:

Suspicious keywords

Urgent language

Fake promotions

Excessive financial references

Unusual formatting

Dangerous links

Social engineering patterns

Words such as “Congratulations,” “Limited offer,” “Claim your reward,” or “Act now” often trigger warnings.

The attackers found a way around this.

Instead of removing suspicious words, they surrounded them with meaningless hidden content to confuse automated analysis.

The Hidden Text Trick: A Simple Idea With Powerful Results

Text salting is not a new technique. Spammers have used similar methods for years to escape older filtering systems.

The concept is simple.

Attackers insert additional harmless text into an email so automated scanners struggle to understand the real message.

For example, a phishing email might contain words like:

“Urgent reward expiration”

A security filter may immediately identify this as suspicious.

Attackers then modify the hidden HTML structure:

“Urgent puppy book reward expiration”

The visible message remains the same for the victim, but the machine reading the email receives a completely different collection of words.

The goal is to reduce the confidence score of AI detection systems.

How Hackers Hide Their Malicious Content

Modern emails are built using HTML and CSS, meaning attackers can control how information appears on a screen.

They can hide unwanted text in several ways:

Setting font size to zero

Using invisible colors

Placing text outside the visible screen area

Creating hidden containers

Adding invisible scrolling areas

Embedding random paragraphs inside the email code

A victim sees:

“Congratulations! Your reward is waiting.”

But the security system may see:

“Congratulations puppy article book random information reward waiting urgent.”

The human interpretation and machine interpretation become completely different.

This creates a dangerous gap between what people see and what artificial intelligence analyzes.

Attackers Are Using AI to Improve Their Phishing Campaigns

The biggest concern is not only the hidden text technique itself.

The larger problem is that artificial intelligence has made these attacks easier to create.

Before modern AI tools, attackers needed technical knowledge to modify HTML structures, generate convincing messages, and test different versions of phishing emails.

Today, large language models can help criminals:

Generate thousands of phishing variations

Rewrite messages in different styles

Create realistic marketing language

Modify HTML code

Produce personalized attacks

Test which versions bypass filters

This creates an imbalance.

Defenders may need to analyze millions of attacks manually or through automated systems, while attackers can generate new variations almost instantly.

Deep Analysis: Understanding Hidden Text Attacks Through Code

Example of Hidden Text Injection in HTML

Attackers can hide additional words inside email code:


<div style="display:none;">
puppy book information random content
</div>

Congratulations! Claim your reward now.

The victim sees only the visible message, while automated systems may process the hidden content.

Zero Font Size Technique

A common hiding method:

<span style="font-size:0px;">
random harmless words
</span>

The browser hides the text, but scanners may still read it.

Invisible Text Color Method

<span style="color:white;background:white;">
hidden security bypass text
</span>

The content exists but becomes invisible to normal users.

Off-Screen Content Technique


<div style="position:absolute;left:-9999px;">
hidden filler words
</div>

The text is moved outside the visible email area.

Security Detection Example

Defensive systems should inspect HTML structure:

grep -E "display:none|font-size:0|visibility:hidden" email.html

Search for suspicious hidden elements:

grep -i "style=" email.html

Extract all visible and invisible text:

python3 extract_email_text.py suspicious_email.eml

The goal is not only keyword scanning but understanding the relationship between visible content, hidden content, sender identity, and user behavior.

The Future of AI Versus AI Cybersecurity

The phishing campaign demonstrates a major cybersecurity shift.

The old security model focused on detecting known threats.

The new security model must understand attacker behavior.

A simple keyword filter is no longer enough because attackers can manipulate language itself.

AI security systems must become better at:

Understanding context

Comparing visible and hidden content

Detecting abnormal email structures

Tracking sender reputation

Measuring behavioral patterns

Identifying suspicious user actions

The future of email security will depend less on finding individual bad words and more on understanding the entire story behind each message.

What Undercode Say:

The discovery of one million phishing emails using hidden text techniques represents a warning sign for the cybersecurity industry.

AI security systems are becoming powerful, but attackers are adapting at the same speed.

The biggest mistake organizations can make is assuming artificial intelligence automatically means perfect protection.

AI does not understand reality like humans do.

It analyzes patterns.

When attackers manipulate those patterns, detection accuracy can decrease.

Text salting is dangerous because it attacks the foundation of machine-based analysis.

The security system sees thousands of meaningless words.

The victim sees a simple urgent message.

The difference between those two views creates an opportunity for criminals.

This incident also shows the changing relationship between attackers and AI.

Cybercriminals no longer need to build every attack manually.

They can use AI as a development assistant.

A single attacker can now create thousands of personalized phishing campaigns.

This increases the scale of social engineering attacks dramatically.

The cybersecurity industry must move beyond traditional filtering methods.

Keyword detection alone belongs to an older generation of security.

Modern threats require deeper analysis.

Email systems need to understand intent.

They need to know whether a message is trying to manipulate human emotions.

They need to analyze why certain words appear together.

They need to compare hidden content with visible content.

The future battlefield will not simply be humans versus hackers.

It will be AI systems fighting against AI-assisted attackers.

The strongest security platforms will be those that combine machine intelligence with behavioral understanding.

Organizations should also remember that technology alone cannot solve phishing.

Human awareness remains critical.

Even the most advanced AI filter can miss a carefully designed message.

Employees must continue learning how to recognize suspicious behavior.

Security teams must prepare for attacks that constantly evolve.

The million-email campaign is not an isolated event.

It represents a broader trend where attackers exploit the weaknesses of automated systems.

As AI becomes more common, cybersecurity teams must assume attackers are already using it.

The next generation of email protection must be built around adaptation, not just detection.

Prediction

(+1) AI Security Systems Will Become More Advanced Through Context-Based Detection 🚀

Future email protection platforms will likely move beyond keyword scanning and develop stronger behavioral analysis capabilities.

Security AI will increasingly examine the complete relationship between sender history, hidden code, message purpose, and user actions.

Companies that invest early in adaptive AI security will have a major advantage against evolving phishing campaigns.

(-1) AI-Assisted Phishing Will Continue Growing as Attackers Scale Faster ⚠️

Criminal groups will continue using large language models to automate phishing creation and bypass traditional defenses.

Without stronger security strategies, organizations may face a continued increase in highly personalized phishing attacks.

✅ Confirmed: Researchers identified more than one million phishing emails using hidden text salting techniques to bypass automated security filters.

✅ Confirmed: Hidden HTML and CSS elements can manipulate how security systems interpret email content.

✅ Confirmed: Large language models are increasingly being used by attackers to create and modify phishing campaigns, increasing the speed and scale of cyber threats.

▶️ Related Video (76% Match):

https://www.youtube.com/watch?v=071KtiNdKXQ

🕵️‍📝Let’s dive deep and fact‑check.

🎓 Live Courses & Certifications:

Join Undercode Academy for Verified Certifications

🚀 Request a Custom Project:

Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]
💎 Smart Architecture | 🛡️ Secure by Design | ⭐ Trusted by Thousands

References:

Reported By: www.darkreading.com
Extra Source Hub (Possible Sources for article):
https://www.discord.com
Wikipedia
OpenAi & Undercode AI

Image Source:

Unsplash
Undercode AI DI v2

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow UndercodeNews & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky | 🐘Mastodon | 📺Youtube