Hello. We've been getting some phishing emails that appear to be written with standard (English) characters. ..At least that's the way it appears when viewed in Outlook. However, when we copy and paste the text into Word and then turn on"Show/Hide" to see everything, it looks much different. Here's an example..
In one phish there's a particular sentence that reads like this:
"You were not exception and now also have big problems"
When viewed in Word with show/hide enabled, it looks like this:
I had to use a screen capture of the "revealed" text because trying to copy it from Word into this post and the odd characters once again vanish as in the original Outlook message.
The question is, is there a way to setup a transport rule (or filter of some type) that can detect these hidden characters? Ideally we'd then have the message sent to a quarantine folder for further analysis.
Thanks in advance.