Cybercriminals have been spotted using HTML/CSS and Unicode tricks to bypass security tools meant to block malicious emails. Inky noticed a new twist on this technique in which attackers use their knowledge of HTML/ CSS and Unicode to disguise phishing emails. To a user they appear as normal; to a scanner they may not raise any flags because its pattern-matching settings aren’t configured to look for this type of content. An attacker could also use the “display:none” setting, an element of CSS that tells a browser to render text as invisible.”]