Anti-Phishing Cybersecurity

6 Visual Phishing Detection Evasion Techniques

6 Visual Phishing Detection Evasion Techniques

Reading Time: 3 minutes

Visual phishing detection evasion techniques are becoming more sophisticated

In our recently published Visual-AI in Anti-Phishing white paper, we talk about how sophisticated online scammers, or Bad Actors as they are known in the anti-phishing industry, are becoming. It’s becoming increasingly difficult to stay one step ahead of them as they employ ingenious phishing detection evasion techniques in their campaigns. 

Here, we’ll take a look at these evasion techniques that exploit visual elements in order to understand how they can be used to slip through the net, despite the impressive technology being used in the cybersecurity industry to bring them to block them.

1. Text Converted to Graphics

Career online scam artists know that phishing detection systems are primed to flag trigger words in the text. In a bid to avoid this, Bad Actors convert text to images so that they cannot be detected. For example, words like “username” or “Password” may appear to be in ordinary text format but it is actually placed on the page or in an email as a JPEG or PNG. This is not only undetectable by text scanners, but looks quite normal to the human eye. This makes it harder to detect as most phishing detection systems can’t see inside graphics and so the system doesn’t get triggered. It’s also more likely that users will unknowingly compromise themselves and their companies. 

2. URLs Converted to Images

Yes, more images. Are you seeing the pattern yet? Within emails, in particular, Bad Actors include a graphic with a familiar and genuine URL, like, that links to a fake site designed to gather data for sinister purposes. So again, the phishing detection platform can’t see it and the actual URL is similar enough, like, so that, at a glance, it is unlikely to raise the user’s suspicions.

Phishing Evasion Techniques_Email_Visual Vectors

3. Sections Converted to Images

As well as converting individual keywords into images, Bad Actors often convert entire sections, like forms, into graphics, overlaying the input fields so it is imperceptible. In some cases, entire emails or websites are actually images, so that no alarming elements can be detected by the human eye, or indeed by HTML parsers and text-based detection systems.

4. Noise as a Phishing Detection Evasion Technique

It’s the oldest trick in the book. Distraction. From pickpockets to con-artists, to the humble children’s party magician, distraction is key in achieving their goal. In a non-visual version of this, Bad Actors add noise to the code of an email or web page. The HTML is often nonsensical, adding reams of code to deflect from the elements needed to pull off the virtual heist, confusing any phishing detection systems designed to read it. Their visual approach is to scramble images in the code, which are then reassembled (using javascript of CSS) to show the complete image seamlessly to users. It’s a very clever, and very dangerously convincing way to avoid detection. 

5. This Looks Legitimate

How many times have you almost been caught out by a legitimate-looking email, text message or social post? How many times have you second-guessed your intuition or asked someone “does this look legit?” That’s because Bad Actors will do all it takes to make their efforts to capture data from individuals, and compromise organisations, look like the real deal. They will use legitimate links in their emails, websites and SMS, such as help pages, privacy pages and even, quite audaciously, anti-fraud pages.

These all serve to make things seem as above board as possible, increasing the likelihood of a successful phishing attempt. 

6. The pop-up 

Pop-ups are not just invasive marketing tools utilized by online retailers, they are a favourite phishing detection evasion technique employed by Bad Actors. They often drive victims to genuine sites through an email or message, but the URL will tag on some code that will allow a pop-up to appear over the top of the real form, requesting their details. This is often a file-sharing site that then asks them to ‘login’ to see the file. 

There is a solution – Visual-AI

Knowing what the most common evasion techniques are is just one small step in upping the game when it comes to policing phishing. With the trend of phishing attacks on the rise, cybersecurity professionals are always seeking new technologies that will keep them a step ahead of the scammers. That next big thing is Visual-AI! Read about it in our Visual-AI in Anti-Phishing Whitepaper, or check out why Chief Technology Officer, Alessandro Prest, believes that Visual-AI is the answer in phishing detection.

Book A Demo


How Visual Search is Used in Anti-Phishing

Reading Time: 2 minutes Visual Search in Phishing Protection – an effective combination Visual search is a powerful piece of computer vision technology that can enhance […]

How Object Detection is Used in Anti-Phishing

Reading Time: 3 minutes Object Detection plays an important role in phishing protection We have discussed previously how logo detection and text detection work with anti-phishing […]

How Text Detection Is Used In Phishing Protection

Reading Time: 4 minutes Text Detection in Phishing Protection has become an essential asset  When we were approached by a cybersecurity company to discuss how our […]


Trusted by the world's leading platforms, marketplaces and agencies

Integrate Visual-AI Into Your Platform

Seamlessly integrating our API is quick and easy, and if you have questions, there are real people here to help. So start today; complete the contact form and our team will get straight back to you.

  • This field is for validation purposes and should be left unchanged.