Security News > 2024 > August > Microsoft 365 anti-phishing alert “erased” with one simple trick
2024-08-08 12:47
Attackers looking for a way into organizations using Microsoft 365 can make an alert identifying unsolicited emails "Disappear".
The alert can be made invisible by changing its background and text colors to white, through CSS style tags.
Since the aforementioned alert is attached to the body of an HTML email, its presentation can be altered via CSS style tags.
Setting the background and text color to white does.
An easy trick for that is to change the period in the email with the Unicode character that looks the same.
Unfortunately for Microsoft 365 and Outlook users, these tricks work and will work until Microsoft decides to do something about them.
News URL
https://www.helpnetsecurity.com/2024/08/08/microsoft-365-alert-erased/
Related news
- New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass (source)
- Severe Security Flaws Patched in Microsoft Dynamics 365 and Power Apps Web API (source)
- Criminal IP: Bringing Real-Time Phishing Detection to Microsoft Outlook (source)
- Microsoft MFA outage blocking access to Microsoft 365 apps (source)
- Azure, Microsoft 365 MFA outage locks out users across regions (source)
- Microsoft 365 apps crash on Windows Server after Office update (source)
- Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (source)
- Microsoft fixes Office 365 apps crashing on Windows Server systems (source)
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Microsoft Teams phishing attack alerts coming to everyone next month (source)