Security News > 2024 > August > Microsoft 365 anti-phishing alert “erased” with one simple trick
Attackers looking for a way into organizations using Microsoft 365 can make an alert identifying unsolicited emails "Disappear".
The alert can be made invisible by changing its background and text colors to white, through CSS style tags.
Since the aforementioned alert is attached to the body of an HTML email, its presentation can be altered via CSS style tags.
Setting the background and text color to white does.
An easy trick for that is to change the period in the email with the Unicode character that looks the same.
Unfortunately for Microsoft 365 and Outlook users, these tricks work and will work until Microsoft decides to do something about them.
News URL
https://www.helpnetsecurity.com/2024/08/08/microsoft-365-alert-erased/
Related news
- Microsoft 365 anti-phishing feature can be bypassed with CSS (source)
- ONNX phishing service targets Microsoft 365 accounts at financial firms (source)
- Australian Organizations are Fascinated With Copilot for Microsoft 365, But Will They Avoid The “Gotchas”? (source)
- Microsoft 365, Office users hit by wave of ‘30088-27’ update errors (source)
- June Windows Server updates break Microsoft 365 Defender features (source)
- Major Microsoft 365 outage caused by Azure configuration change (source)
- Microsoft confirms CrowdStrike update also hit Windows 365 PCs (source)
- Microsoft 365 users targeted by phishers abusing Microsoft Forms (source)
- Microsoft 365 and Azure outage takes down multiple services (source)
- Small CSS tweaks can help nasty emails slip through Outlook's anti-phishing net (source)