Dateline: July 17, 2026
Your Email Gateway Reads Code. Attackers Are Writing For The Code
Somewhere in the HTML of the email you deleted this morning, there may have been a 400 word story about a puppy.
You did not see it. Your security gateway did. That was the point.
Researchers have counted more than one million phishing attacks since April using a trick called text salting, and the emails are landing in inboxes protected by AI.
What Happened?
A published research on July 16 documenting a retail themed phishing campaign that hides junk text inside phishing emails to fool email security tools.
The lures are basic. Expiring rewards. Points about to vanish. Gift cards. Urgent redemption offers with a malicious link attached. Nothing clever, nothing polished.
The clever part is underneath.
Secure email gateways do not look at an email the way you do. They read the source code and score it on how many suspicious words show up. So attackers pad the message with harmless filler: random stories, project notes, chatty nonsense loaded with words like puppy, training, notes, task, rhythm, and book. That filler drowns out words like rewards, expires, and card. The math tips toward benign. The email goes through.
Then they hide the filler from you.
The team documented the CSS doing the work. “clip-path: inset(100%)” crops the viewing window to nothing. “max-height:0” and “line-height:0” flatten the block so no suspicious gap appears. “text-indent: -9999px” shoves the text roughly ten thousand pixels off the left edge of your screen. “Overflow: Hidden” kills the scrollbar that would give it away.
There is also the zero font trick. Attackers drop random characters inside words at font size zero. The HTML reads “Your pass [random text] word expired.” A scanner hunting for “Your password expired” finds nothing. You read “Your password expired.”
Modern tools know about salting and try to force hidden text into view. So attackers stack several concealment methods at once. Researchers compared it to three deadbolts on one door.
The sending infrastructure holds up too. Compromised legitimate websites and lookalike domains, most configured with DKIM.
The Impact
Here is the part that stings. AI was supposed to fix this.
An LLM reading raw email source has no idea which words the recipient can actually see. Feed it a 20 word malicious link buried inside a 400 word invisible story about someone’s weekend, and the model weighs the whole thing. Intent looks fine. Sentiment looks fine. Risk score drops. Message delivered.
The models are being influenced by text no human will ever read.
AI cuts the other way as well. Generating endless paragraphs of plausible filler used to take effort. Now it costs nothing, and every email in a campaign can be worded differently. A million attacks, a million variations, no signature to write.
How to Avoid This
Stop trusting the source code. Your tooling needs to compare what the user sees against what the raw HTML says, and treat a gap between the two as a signal on its own.
- Look for the tells. Zero height blocks, clip-path inset at 100 percent, massive negative text indents, font size zero inside words. Any of these in a marketing email is worth a second look.
- Score the whole message, not the vocabulary. Sender behavior, authentication results, link destination, message structure, and the action being requested. DKIM passing means the sender configured DKIM.
- Tell your users the quiet part. An email that looks clean and reads urgent is exactly the one that made it through, because it was built to.
Indicators of Compromise
There are no published IPs, domains, or hashes for this campaign. Given that the filler text is generated fresh per message and the senders rotate through compromised sites, traditional IOCs would go stale immediately anyway.