Phishing Emails Use Invisible Hyphens To Avoid Detection
KnowBe4, Friday, November 7th, 2025
A phishing campaign is using invisible characters to evade security filters, according to Jan Kopriva at the SANS Internet Storm Center.
The emails use soft hyphens to break up the subject line 'Your Password is About to Expire' so the messages aren't flagged as malicious. The email client doesn't render the hyphens, however, so the user sees a normal sentence