Threat actors in the phishing business have adopted a new technique to obfuscate the source code for the forged page by using a custom web font to implement a substitution cipher that looks like plaintext. The new evasion approach has been spotted in a phishing kit with most of its resource files dated early June 2018, but malware researchers first observed it a month earlier. The threat actor used branding imagery in SVG (scalable vector graphics) format, which can be rendered through code, eliminating the need to load them from a location.
Source: https://www.bleepingcomputer.com/news/security/new-phishing-tactic-uses-custom-web-fonts-to-prevent-detection/