Security News > 2020 > November > Sneaky Office 365 phishing inverts images to evade detection
A creative Office 365 phishing campaign has been inverting images used as backgrounds for landing pages to avoid getting flagged as malicious by crawlers designed to spot phishing sites.
This tactic has been used by several Office 365 credential phishing sites according to WMC Global analysts who spotted while being deployed as part of the same phishing kit created and sold by a single threat actor to multiple users.
To avoid this, the phishing kit designed to use this novel tactic automatically reverts the backgrounds using Cascading Style Sheets to make them look just like the original backgrounds of the Office 365 login pages they are trying to mimic.
Earlier this year, another Office 365 phishing campaign made use of CSS tricks to bypass Secure Email Gateways by reversing text in a phishing emails' HTML code to fill the email gateways' Bayesian statistical models.
Other phishing campaigns targeting Office 365 users have also used innovative techniques such as testing the stolen login in real-time, abusing Google Ads to bypass secure email gateways, as well as Google Cloud Services, Microsoft Azure, Microsoft Dynamics, and IBM Cloud to host the phishing landing pages.