Over a Million Phishing Emails Used Hidden Text to Fool AI Security Filters

Researchers found that criminals are hiding innocent words inside malicious emails to confuse both traditional and AI-powered spam filters, and the technique is working.

ThreatVectr Newsdesk· 3 min read
Close-up, edge-to-edge 16:9 photograph of a glowing circuit board with streams of faintly visible text and code cascading across its surface in soft blue and wh
Share

Key points

  • Barracuda Networks researchers observed more than one million retail-themed phishing emails using hidden text between April 2025 and the time of their report.
  • The technique, called "text salting," hides harmless words inside an email's code so that security filters read clean content while victims see something else entirely.
  • Criminals are using large language models, meaning AI tools that generate and edit text, to produce these deceptive emails faster than ever before.
  • Current AI-based email security tools are not reliably detecting the technique, according to Barracuda vice president of information security Peterson Gutierrez.

More than one million phishing emails, where criminals send fake messages to trick people into handing over information or clicking dangerous links, reached inboxes between April 2025 and the date of Barracuda Networks' findings. Every one of them used the same basic trick to get past security software. The trick is old. The results are not.

The technique is called text salting. Criminals pepper the hidden code of a fake email with harmless, innocent words alongside the suspicious ones. Security software reads the code and sees "puppy" and "book" sitting next to "urgent" and "rewards," so it does not flag the message as dangerous. The person who opens the email sees only what the criminal wants them to see.

The innocent filler is hidden using simple methods. A word can be shrunk to a font size of zero, making it invisible. Text can be placed inside a box that is zero pixels wide, or pushed off the edge of the screen entirely. The reader never notices. The security filter does.

Why aren't email security tools catching this?

Email security gateways, which are the automated systems that decide whether a message reaches your inbox, do not see an email the way a person does. They read the underlying code. So when criminals manipulate that code to mix clean words with suspicious ones, the filter gets a very different picture than the reader gets.

Security tools know about salting and try to strip out hidden text before scanning. Criminals have responded by layering several hiding methods on top of each other, so that if one layer gets spotted, another still works.

AI-based filters are supposed to go further, understanding the meaning and tone of a message rather than just scanning for banned words. But according to Barracuda's Peterson Gutierrez, AI detection engines are not keeping pace. Worse, the same AI technology that powers those defences is also available to the criminals building the attacks. Large language models let attackers write and modify deceptive text at a speed that was not possible a few years ago.

The phishing emails themselves promise rewards, points, and gift cards, and push urgent deadlines to pressure people into clicking. First reported by Dark Reading, the campaign impersonates retail brands, though Barracuda notes the fakes are not especially convincing to a careful human eye.

If you received an unexpected email offering prizes or expiring rewards from a retailer, do not click any links inside it. Go directly to the retailer's official website by typing the address yourself. Gutierrez says effective defences need to look at the whole message, including the relationship between what is visible, what is hidden, where links point, and what action the email is pushing the reader to take.

© 2026 Threat Vectr