Microsoft 365 anti-phishing alert “erased” with one simple trick
Attackers looking for a way into organizations using Microsoft 365 can make an alert identifying unsolicited emails "disappear".
The alert can be made invisible by changing its background and text colors to white, through CSS style tags.
Since the aforementioned alert is attached to the body of an HTML email, its presentation can be altered via CSS style tags.
Setting the background and text color to white does hide it.
An easy trick for that is to replace the period in the email with a Unicode character that looks the same.
Unfortunately for Microsoft 365 and Outlook users, these tricks work and will work until Microsoft decides to do something about them.
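A mail-filter check for the CSS trick described above, as an added example that is not from the original article: it flags any `<style>` rule in an HTML body that gives text and background the same color, which generalizes the white-on-white case. The selector `.notice-banner` and the sample body are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Spellings of white that are folded into one value before comparing.
WHITE = {"white", "#fff", "#ffffff", "rgb(255,255,255)"}

class StyleCollector(HTMLParser):
    """Gathers the CSS text of every <style> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.in_style = False
        self.css = []
    def handle_starttag(self, tag, attrs):
        if tag == "style":
            self.in_style = True
    def handle_endtag(self, tag):
        if tag == "style":
            self.in_style = False
    def handle_data(self, data):
        if self.in_style:
            self.css.append(data)

def normalise(value):
    """Lower-case, drop whitespace and !important, fold white aliases."""
    v = re.sub(r"\s+", "", value.lower()).replace("!important", "")
    return "#ffffff" if v in WHITE else v

def hidden_text_rules(html):
    """Return selectors whose rule gives text and background the same color."""
    collector = StyleCollector()
    collector.feed(html)
    collector.close()
    css = re.sub(r"/\*.*?\*/", "", "".join(collector.css), flags=re.S)
    hits = []
    for selector, body in re.findall(r"([^{}]+)\{([^{}]*)\}", css):
        decls = {p.strip().lower(): normalise(v) for p, _, v in
                 (d.partition(":") for d in body.split(";")) if v}
        fg = decls.get("color")
        bg = decls.get("background-color") or decls.get("background")
        if fg and bg and fg == bg:
            hits.append(selector.strip())
    return hits

# Constructed sample body; ".notice-banner" is a hypothetical selector.
SAMPLE_HTML = """<html><head><style>
.notice-banner { color: #FFF !important; background-color: white; }
p { color: #333; background-color: #ffffff; }
</style></head><body><p>Hello</p></body></html>"""
```

A hit is a signal for quarantine or analyst review rather than proof of phishing, since the check compares declared values only and does not resolve inherited or shorthand colors.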
News URL
https://www.helpnetsecurity.com/2024/08/08/microsoft-365-alert-erased/