Technology
New email scam uses hidden characters to slip past filters
NEWYou can now listen to Fox News articles!
Cybercriminals keep finding new angles to get your attention, and email remains one of their favorite tools. Over the years, you have probably seen everything from fake courier notices to AI-generated scams that feel surprisingly polished. Filters have improved, but attackers have learned to adapt. The latest technique takes aim at something you rarely think about: the subject line itself. Researchers have found a method that hides tiny, invisible characters inside the subject so automated systems fail to flag the message. It sounds subtle, but it is quickly becoming a serious problem.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
NEW SCAM SENDS FAKE MICROSOFT 365 LOGIN PAGES
Cybercriminals are using invisible Unicode characters to disguise phishing email subject lines, allowing dangerous scams to slip past filters. (Photo by Donato Fasano/Getty Images)
How the new trick works
Researchers recently uncovered phishing campaigns that embed soft hyphens between every letter of an email subject. These are invisible Unicode characters that normally help with text formatting. They do not show up in your inbox, but they completely throw off keyword-based filters. Attackers use MIME encoded-word formatting to slip these characters into the subject. By encoding it in UTF-8 and Base64, they can weave these hidden characters through the entire phrase.
One analyzed email decoded to “Your Password is About to Expire” with a soft hyphen tucked between every character. To you, it looks normal. To a security filter, it looks scrambled, with no clear keyword to match. The attackers then use the same trick in the body of the email, so both layers slide through detection. The link leads to a fake login page sitting on a compromised domain, designed to harvest your credentials.
If you have ever tried spotting a phishing email, this one still follows the usual script. It builds urgency, claims something is about to expire and points you to a login page. The difference is in how neatly it dodges the filters you trust.
Why this phishing technique is super dangerous
Most phishing filters rely on pattern recognition. They look for suspicious words, common phrases and structure. They also scan for known malicious domains. By splitting every character with invisible symbols, attackers break up these patterns. The text becomes readable for you but unreadable for automated systems. This creates a quiet loophole where old phishing templates suddenly become effective again.
The worrying part is how easy this method is to copy. The tools needed to encode these messages are widely available. Attackers can automate the process and churn out bulk campaigns with little extra effort. Since the characters are invisible in most email clients, even tech-savvy users do not notice anything odd at first glance.
Security researchers point out that this method has appeared in email bodies for years, but using it in the subject line is less common. That makes it harder for existing filters to catch. Subject lines also play a key role in shaping your first impression. If the subject looks familiar and urgent, you are more likely to open the email, which gives the attacker a head start.
How to spot a phishing email before you click
Phishing emails often look legitimate, but the links inside them tell a different story. Scammers hide dangerous URLs behind familiar-looking text, hoping you will click without checking. One safe way to preview a link is by using a private email service that shows the real destination before your browser loads it.
Our top-rated private email provider recommendation includes malicious link protection that reveals full URLs before opening them. This gives you a clear view of where a link leads before anything can harm your device. It also offers strong privacy features like no ads, no tracking, encrypted messages and unlimited disposable aliases.
For recommendations on private and secure email providers, visit Cyberguy.com
PAYROLL SCAM HITS US UNIVERSITIES AS PHISHING WAVE TRICKS STAFF
A new phishing method hides soft hyphens inside subject lines, scrambling keyword detection while appearing normal to users. (Photo by Silas Stein/picture alliance via Getty Images)
9 steps you can take to protect yourself from this phishing scam
You do not need to become a security expert to stay safe. A few habits, paired with the right tools, can shut down most phishing attempts before they have a chance to work.
1) Use a password manager
A password manager helps you create strong, unique passwords for every account. Even if a phishing email fools you, the attacker cannot use your password elsewhere because each one is different. Most password managers also warn you when a site looks suspicious.
Next, see if your email has been exposed in past breaches. Our #1 password manager (see Cyberguy.com) pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.
Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.
2) Enable two-factor authentication
Turning on 2FA adds a second step to your login process. Even if someone steals your password, they still need the verification code on your phone. This stops most phishing attempts from going any further.
3) Install a reliable antivirus software
Strong antivirus software does more than scan for malware. Many can flag unsafe pages, block suspicious redirects and warn you before you enter your details on a fake login page. It is a simple layer of protection that helps a lot when an email slips past filters.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com.
4) Limit your personal data online
Attackers often tailor phishing messages using information they find about you. Reducing your digital footprint makes it harder for them to craft emails that feel convincing. You can use personal data removal services to clean up exposed details and old database leaks.
While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.
AI FLAW LEAKED GMAIL DATA BEFORE OPENAI PATCH
Researchers warn that attackers are bypassing email defenses by manipulating encoded subject lines with unseen characters. (Photo by Lisa Forster/picture alliance via Getty Images)
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.
Get a free scan to find out if your personal information is already out on the web: Cyberguy.com
5) Check sender details carefully
Do not rely on the display name. Always check the full email address. Attackers often tweak domain names by a single letter or symbol. If something feels off, open the site manually instead of clicking any link inside the email.
6) Never reset passwords through email links
If you get an email claiming your password will expire, do not click the link. Go to the website directly and check your account settings. Phishing emails rely on urgency. Slowing down and confirming the issue yourself removes that pressure.
7) Keep your software and browser updated
Updates often include security fixes that help block malicious scripts and unsafe redirects. Attackers take advantage of older systems because they are easier to trick. Staying updated keeps you ahead of known weaknesses.
8) Turn on advanced spam filtering or “strict” filtering
Many email providers (Gmail, Outlook, Yahoo) allow you to tighten spam filtering settings. This won’t catch every soft-hyphen scam, but it improves your odds and reduces risky emails overall.
9) Use a browser with anti-phishing protection
Chrome, Safari, Firefox, Brave, and Edge all include anti-phishing checks. This adds another safety net if you accidentally click a bad link.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Kurt’s key takeaway
Phishing attacks are changing fast, and tricks like invisible characters show how creative attackers are getting. It’s safe to say filters and scanners are also improving, but they cannot catch everything, especially when the text they see is not the same as what you see. Staying safe comes down to a mix of good habits, the right tools, and a little skepticism whenever an email pushes you to act quickly. If you slow down, double-check the details, and follow the steps that strengthen your accounts, you make it much harder for anyone to fool you.
Do you trust your email filters, or do you double-check suspicious messages yourself? Let us know by writing to us at Cyberguy.com.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
Copyright 2025 CyberGuy.com. All rights reserved.
It’s still hard to believe that Hollow Knight: Silksong actually came out this year, but now, we all have a new thing to wait for: the game is getting a free expansion in 2026, titled Sea of Sorrow. Team Cherry calls it the game’s “first big expansion.”
“New areas, bosses, tools, and more!” Team Cherry says in a blog post. “Hornet’s adventures continue in our nautically themed expansion, coming free for all players next year. We’ll keep further details a secret for now, but expect additional info shortly before Hollow Knight: Silksong – Sea of Sorrow releases.”
More than 7 million people bought Silksong, according to Team Cherry, and “millions more” played on Xbox Game Pass.
The original Hollow Knight is getting updated, too. Team Cherry is working on a Nintendo Switch 2 Edition of the game that “incorporates all the updates and enhancements that Silksong received on the platform: High frame-rate modes, higher resolutions, and many additional graphical effects.” Players who own the Switch version of the game will get the Nintendo Switch 2 Edition as a free update when it’s available in 2026.
Ahead of that launch, Team Cherry says it will be “updating all versions of the original game for current platforms, adding features and fixing bugs.” Those changes include “full 16:10 and 21:9 aspect ratio support for those of you with Steam Decks or ultrawide monitors,” and PC players can try the new updates in public beta.
NEWYou can now listen to Fox News articles!
Petco revealed a data breach that exposed sensitive customer information. The company disclosed the details in state filings after identifying a configuration in one of its software applications that made certain files accessible online. This issue has now been corrected, but the impact is significant.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter
THIRD-PARTY BREACH EXPOSES CHATGPT ACCOUNT DETAILS
Petco disclosed a breach that exposed customer data after a software setting left files accessible online. (Photographer: Tiffany Hagler-Geard/Bloomberg via Getty Images)
What Petco says the breach exposed
According to reports filed with the Texas attorney general’s office, the exposed data included names, Social Security numbers, driver’s license numbers, financial account details, credit or debit card numbers and dates of birth. Filings in California, Massachusetts and Montana confirm additional affected residents.
In California, companies must report breaches involving at least 500 state residents. Petco did not disclose the exact number, which suggests the real total is higher. For context, Petco said in 2022 that it served more than 24 million customers.
Petco says the company sent notifications to individuals whose information was involved. The sample notice released by the California attorney general explains that a software setting allowed certain files to be accessible online. Petco says it removed those files, corrected the setting and added new security measures.
The company is offering free credit and identity theft monitoring to victims in California, Massachusetts and Montana. It is not clear if similar support is being offered to affected Texas residents.
We reached out to Petco for comment, and a representative provided CyberGuy with the following statement,
“We recently identified a setting in one of our applications which inadvertently made certain Petco files accessible online. Upon identifying the issue, we took immediate steps to correct the error and began an investigation. We notified individuals whose information was involved and continue to monitor for further issues. We take this incident seriously. To help prevent something like this from happening again, we have taken and will continue to take steps to enhance the security of our network.”
What this breach means for you
A breach that exposes government IDs, financial numbers and birth dates creates long-term risks. Criminals use this mix of information to open accounts, take over existing ones or try to pass identity checks. Even if no fraud happens right away, exposed data can sit in criminal markets for years.
Ways to stay safe after a breach like this
You can take several steps today that help lower your risk and protect your identity going forward.
1) Place a credit freeze
A freeze blocks new credit accounts in your name. It also stops criminals from opening loans or credit cards with your stolen information. You can freeze your credit for free at Equifax, Experian and TransUnion.
2) Add two more freezes
Two additional freezes cover accounts that do not run through the major credit bureaus. Freeze ChexSystems to stop criminals from opening checking or savings accounts. Freeze NCTUE to block fake phone, cable or utility accounts.
3) Turn on account alerts
Set up alerts for banking, credit cards and online shopping accounts. Alerts help you spot suspicious activity fast.
4) Use a password manager
Strong passwords protect you from credential stuffing attacks. This happens when criminals take stolen passwords from one breach and try them on other sites. A password manager creates unique passwords for every account and helps you stop those attacks before they start.
Next, see if your email has been exposed in past breaches. Our #1 password manager (see Cyberguy.com) pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.
Check out the best expert-reviewed password managers of 2025 at Cyberguy.com
5) Monitor your identity
If Petco offered you free identity theft monitoring, enroll as soon as possible. It helps you catch fraud that can happen months or years later.
Identity Theft companies can monitor personal information like your Social Security Number (SSN), phone number, and email address, and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.
See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com
WHY YOUR HOLIDAY SHOPPING DATA NEEDS A CLEANUP NOW
State filings show Petco customers had Social Security and financial information exposed in the breach. (Photo by Justin Sullivan/Getty Images)
6) Remove exposed personal data
Data broker sites collect and share personal details that fuel scams. Removing your information reduces your exposure and makes you a harder target.
While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com
Get a free scan to find out if your personal information is already out on the web: Cyberguy.com
WHY SCAMMERS OPEN BANK ACCOUNTS IN YOUR NAME
Petco says it corrected the software issue and notified individuals whose information was compromised. (Photo by Paul Weaver/SOPA Images/LightRocket via Getty Images)
7) Watch for phishing and use strong antivirus software
Scammers often follow a breach with emails or texts that look real. Slow down and check every message before you click. A strong antivirus helps block malicious links and alerts you when something looks risky.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com
Kurt’s key takeaways
Data breaches happen often, but this one involves information that can cause lasting harm. You can protect yourself with a few quick steps that reduce the chance of fraud and limit how far criminals can get with your data.
How much trust do you place in companies to protect your personal information? Let us know by writing to us at Cyberguy.com
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter
Copyright 2025 CyberGuy.com. All rights reserved.
Amazon has launched a new AI feature in the Kindle app that gives spoiler-free answers to questions about the book you’re reading and confirmed that authors can’t opt out from the feature.
The company calls Ask this Book an “expert reading assistant” in its announcement and says that it’s capable of answering questions about “plot details, character relationships, and thematic elements,” all while avoiding spoilers by limiting its answers to content from the pages you’ve read so far. It’s essentially an in-book chatbot, accessible from the book menu or by highlighting a passage of text you want to ask about.
Amazon spokesperson Ale Iraheta told Publishers Lunch that the answers are “non-shareable and non-copyable” and only available to readers who’ve purchased or rented books. Iraheta also said that the feature is always on, noting that “there is no option for authors or publishers to opt titles out.”
Remembering Rob Reiner, who made movies for people who love them
Video: How We Tested Earplugs for Sleeping
Silksong is getting a free expansion next year
Pope Leo XIV condemns ‘antisemitic violence’ after massacre in Sydney: ‘We must eliminate hatred’
DC police accused of manipulating crime stats as federal probe finds thousands of misclassified cases
Florida High School Football Rankings: Top 25 teams – Oct. 21
Cleary's 21 help Le Moyne down Central Connecticut State 69-64 in OT
How old is Bo Nix? What to know about Oregon quarterback ahead of 2024 NFL Draft
99th annual Pony Swim held in Virginia
Video: ‘It Didn’t Have to Happen This Way:’ U.Va. Faculty Call for Review of Police Response to Protests
DC police accused of manipulating crime stats as federal probe finds thousands of misclassified cases
All eyes on Italy as Mercosur deal hangs in the balance
Australia announces strict new gun laws. Here’s how it can act so swiftly
Video: Rob Reiner and His Wife Are Found Dead in Their Los Angeles Home
Biden officials go silent when asked about Afghan refugee program after guardsmen shooting
-
Alaska1 week agoHowling Mat-Su winds leave thousands without power
-
Texas1 week agoTexas Tech football vs BYU live updates, start time, TV channel for Big 12 title
-
Washington6 days agoLIVE UPDATES: Mudslide, road closures across Western Washington
-
Iowa1 week agoMatt Campbell reportedly bringing longtime Iowa State staffer to Penn State as 1st hire
-
Iowa2 days agoHow much snow did Iowa get? See Iowa’s latest snowfall totals
-
Miami, FL1 week agoUrban Meyer, Brady Quinn get in heated exchange during Alabama, Notre Dame, Miami CFP discussion
-
Cleveland, OH1 week agoMan shot, killed at downtown Cleveland nightclub: EMS
-
World1 week ago
Chiefs’ offensive line woes deepen as Wanya Morris exits with knee injury against Texans
