---
title: How Spammers Evade Filters
order: 5
summary: Technical tricks spammers use to bypass automated detection — and how to recognize them.
lastUpdated: "2026-04-10"
---
## Overview

Spammers know that platforms and tools use keyword filters. So they use technical tricks to make their messages look different to computers while still being readable to humans. Understanding these tricks helps you spot spam that automated tools might miss — and helps you understand why some obvious-looking spam gets through.

## Character Substitution & Lookalikes

### Cyrillic/Latin Mixtures

This is one of the most sophisticated evasion techniques. Spammers replace Latin letters with visually identical Cyrillic characters. To your eyes, the word looks normal. To a computer, it's a completely different string.

Many Cyrillic letters are visually identical to their Latin counterparts — `a`, `e`, `o`, `c`, `p` and others have Cyrillic lookalikes that appear the same to the human eye but are completely different characters to a computer.

**Example:** The word "telegram" with a Cyrillic "e" looks identical to you but won't match a filter looking for "telegram."

**How to spot it:** You usually can't see it with your eyes. If a comment looks like obvious spam but wasn't caught by filters, character substitution may be why. Copy-paste the text into a Unicode inspector tool to check.

### Leet Speak & Symbol Substitution

Replacing letters with numbers or symbols — for example, `0nlyfans` (zero instead of O) or `nud3s` (3 instead of E). This is more visible than Cyrillic substitution and easier to catch once you know what to look for. The trick is always the same: swap a letter for something that looks similar.

## Invisible Characters

Spammers insert invisible Unicode characters into words to break up keyword matches.

There are many invisible Unicode characters that can be inserted into text — invisible spaces, direction markers, formatting characters, and more. A word like "telegram" with an invisible character in the middle looks perfectly normal but won't match keyword filters.

**How to spot it:** If a word has unusual cursor behavior when you try to select it (cursor seems to "stick" in the middle), invisible characters may be present.

## Zalgo Text

Zalgo text stacks excessive diacritical marks (accents, tildes, etc.) on characters, creating distorted, "glitchy" text that's hard to read and hard to filter.

**Example:** Text that appears to drip or extend vertically with stacked marks above and below each character.

**Purpose:** Makes the text unreadable to automated filters while still being (barely) readable to humans. Often used for shock value or to make hate speech harder to detect.

## Fullwidth Characters

These are "wide" versions of normal letters and numbers from Asian character sets. They look similar to regular characters but have different Unicode values.

**How to spot it:** Text appears slightly wider or more spaced out than normal. If you see uniform but oddly-spaced text in a comment, fullwidth characters may be in use.

## URL Shortener Abuse

Spammers hide malicious or spammy destinations behind shortened URLs.

There are dozens of URL shortening services in use. Some are well-known (like bit.ly), others are more obscure. Bio link services (like linktr.ee) are lower risk but still worth monitoring when they appear alongside other spam signals.

**Red flags with shortened URLs:**
- Multiple shortened URLs in a single comment
- Shortened URL combined with urgency language ("act now!", "limited time!")
- Shortened URL in a comment unrelated to the post topic
- Shortened URL from an account with no posting history

**What to do:** Never click shortened URLs in suspicious comments. Use a URL expander tool to check where they actually lead.

## Emoji Spam

Excessive emoji use can be both a spam signal and an evasion technique.

**Patterns to watch for:**
- **Repeated identical emoji:** Many of the same emoji in a row (e.g., a row of money bags)
- **Emoji overload:** Lots of emoji with very little actual text — the emoji draw attention while the message hides a link or scam
- **Crypto emoji clusters:** Rocket, money bag, dollar bill, gem, and chart emoji grouped together often signal crypto scams

**Note:** Emoji-only reactions (hearts, thumbs up, laughing faces) from real users are normal and harmless. The concern is emoji used as visual noise alongside scam content.

### Quick-Reference Checklist

- [ ] If obvious spam wasn't caught by filters, suspect character substitution
- [ ] Look for number/symbol replacements in known spam words (zeros for O's, 3's for E's, etc.)
- [ ] Unusual cursor behavior when selecting text may indicate invisible characters
- [ ] Glitchy, dripping text (Zalgo) is always intentional disruption
- [ ] Never click shortened URLs in suspicious comments — use an expander tool
- [ ] Multiple shortened URLs in one comment is a strong spam signal
- [ ] Shortened URL + urgency language = almost always a scam
- [ ] Excessive identical emoji or crypto-themed emoji clusters signal spam