Microsoft 365 anti-phishing alert “erased” with one simple trick

Attackers looking for a way into organizations using Microsoft 365 can make an alert identifying unsolicited emails "disappear".
The alert can be made invisible by changing its background and text colors to white, through CSS style tags.
Since the aforementioned alert is attached to the body of an HTML email, its presentation can be altered via CSS style tags.
Setting the background and text color to white does.
An easy trick for that is to replace the period in the email with the Unicode character that looks the same.
Unfortunately for Microsoft 365 and Outlook users, these tricks work and will work until Microsoft decides to do something about them.
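
A detection-side check for the CSS trick described above, as an added example that is not from the original article or from Microsoft: it scans the `<style>` elements of an HTML email body for rules that give text and background the same color, or make both white. The sample email, the `#safety-banner` selector and the function names are constructed for illustration, and only a few spellings of white are recognised.

```python
import re
from html.parser import HTMLParser

WHITE = {"white", "#fff", "#ffffff", "rgb(255,255,255)"}
RULE = re.compile(r"([^{}]+)\{([^{}]*)\}")  # selector { declarations }

class StyleCollector(HTMLParser):
    """Collects the text of every <style> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.in_style, self.css = False, []
    def handle_starttag(self, tag, attrs):
        if tag == "style":
            self.in_style = True
    def handle_endtag(self, tag):
        if tag == "style":
            self.in_style = False
    def handle_data(self, data):
        if self.in_style:
            self.css.append(data)

def norm(value):
    """Lower-case a CSS value and drop whitespace and !important."""
    return re.sub(r"\s+", "", value.lower().replace("!important", ""))

def hidden_text_rules(html):
    """Return selectors whose rule makes text and background the same color."""
    collector = StyleCollector()
    collector.feed(html)
    findings = []
    for selector, body in RULE.findall("".join(collector.css)):
        decls = {}
        for decl in body.split(";"):
            if ":" in decl:
                prop, value = decl.split(":", 1)
                decls[prop.strip().lower()] = norm(value)
        fg = decls.get("color")
        bg = decls.get("background-color") or decls.get("background")
        if fg and bg and (fg == bg or (fg in WHITE and bg in WHITE)):
            findings.append(selector.strip())
    return findings

# Constructed sample: the banner id and text are hypothetical, not real markup.
SAMPLE_EMAIL = """<html><head><style>
#safety-banner { color: #FFFFFF; background-color: white !important; }
p.body { color: #333; background-color: #fff; }
</style></head><body><div id="safety-banner">External sender notice</div>
<p class="body">Please review the attached invoice.</p></body></html>"""

if __name__ == "__main__":
    print(hidden_text_rules(SAMPLE_EMAIL))
```

A mail gateway or triage script could treat any hit as a signal to quarantine the message or strip sender-supplied `<style>` blocks before delivery.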
News URL
https://www.helpnetsecurity.com/2024/08/08/microsoft-365-alert-erased/