Security News > 2024 > August > Microsoft 365 anti-phishing alert “erased” with one simple trick
2024-08-08 12:47
Attackers looking for a way into organizations using Microsoft 365 can make an alert identifying unsolicited emails "Disappear".
The alert can be made invisible by changing its background and text colors to white, through CSS style tags.
Since the aforementioned alert is attached to the body of an HTML email, its presentation can be altered via CSS style tags.
Setting the background and text color to white does.
An easy trick for that is to change the period in the email with the Unicode character that looks the same.
Unfortunately for Microsoft 365 and Outlook users, these tricks work and will work until Microsoft decides to do something about them.
News URL
https://www.helpnetsecurity.com/2024/08/08/microsoft-365-alert-erased/
Related news
- A Hacker's Era: Why Microsoft 365 Protection Reigns Supreme (source)
- Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts (source)
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- New Mamba 2FA bypass service targets Microsoft 365 accounts (source)
- ScubaGear: Open-source tool to assess Microsoft 365 configurations for security gaps (source)
- Microsoft 365 Admin portal abused to send sextortion emails (source)
- Microsoft now testing hotpatch on Windows 11 24H2 and Windows 365 (source)
- Microsoft disrupts ONNX phishing-as-a-service infrastructure (source)