Cyber-criminals are using a trick that allows them to bypass Microsoft’s security filters and deliver spam and phishing emails to Office 365 email accounts. Called ZeroFont, the trick relies on interposing zero-width font characters inside normal text. The goal is to trick the email security system into thinking this is a giant block of rambling text, but show human recipients the “lure”” of the phishing email. Microsoft’s Office 365 platform does not mark these emails as malicious.”
Source: https://www.bleepingcomputer.com/news/security/zerofont-technique-lets-phishing-emails-bypass-office-365-security-filters/