Attackers have found a way to circumvent Microsoft 365’s anti-phishing measures by making a crucial alert disappear, potentially allowing malicious emails to sneak into organizations undetected.
The alert in question is known as the “First Contact Safety Tip,” which is designed to warn Outlook users when they receive an email from an unfamiliar sender. However, researchers from Certitude, William Moody and Wolfgang Ettlinger, discovered that this alert can be hidden by changing its background and text colors to white using Cascading Style Sheets (CSS).
CSS is a language used to dictate the visual presentation of documents written in markup languages like HTML or XML. By manipulating the CSS style tags within an HTML email, attackers can make the alert invisible to the recipient, even though it still appears in the email preview.
Traditional methods of hiding visual elements, such as making them completely transparent or setting their height to zero pixels, do not work in this case. However, setting the background and text color to white effectively conceals the alert within the body of the email.
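A defender-side check for the CSS trick described above, written as an added example (not code from the Certitude researchers or from Microsoft): it parses an HTML message and flags any inline style or stylesheet rule that sets both the text colour and the background colour to white, which is the pattern that blanks out the safety tip. The white-colour list and the sample message are constructed assumptions.

```python
import re
from html.parser import HTMLParser

# Colour spellings that render as white (constructed list; extend with near-white shades).
WHITE = {"white", "#fff", "#ffffff", "rgb(255,255,255)"}

def parse_declarations(css):
    # 'color: #FFF !important; background-color: white' -> {'color': '#fff', ...}
    rules = {}
    for decl in css.split(";"):
        if ":" in decl:
            prop, value = decl.split(":", 1)
            rules[prop.strip().lower()] = value.split("!important")[0].strip().lower().replace(" ", "")
    return rules

def is_white_on_white(rules):
    # Text is hidden when foreground and background both resolve to white.
    fg = rules.get("color")
    bg = rules.get("background-color") or rules.get("background")
    return fg in WHITE and bg in WHITE

class HiddenTextFinder(HTMLParser):
    # Collects inline styles and <style> rules that paint text white on white.
    def __init__(self):
        super().__init__()
        self.hits = []            # (kind, where) tuples
        self._in_style = False
    def handle_starttag(self, tag, attrs):
        if tag == "style":
            self._in_style = True
        style = dict(attrs).get("style")
        if style and is_white_on_white(parse_declarations(style)):
            self.hits.append(("inline", tag))
    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False
    def handle_data(self, data):
        if self._in_style:        # scan each 'selector { declarations }' block
            for selector, body in re.findall(r"([^{}]+)\{([^}]*)\}", data):
                if is_white_on_white(parse_declarations(body)):
                    self.hits.append(("rule", selector.strip()))

def find_white_on_white(html):
    finder = HiddenTextFinder()
    finder.feed(html)
    return finder.hits

# Constructed sample: a benign rule, a white-on-white <style> rule and an inline style.
SAMPLE = ("<html><head><style>p { color: #333 } "
          ".tip { color: #FFF !important; background-color: white }</style></head>"
          "<body><p>Hello</p><div style='color:white;background:white'>x</div></body></html>")
```

A mail gateway or mailbox rule can use a non-empty result from `find_white_on_white` to quarantine the message or to re-render the banner in plain text, rather than relying on the tip being visible.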
Additionally, phishers can enhance the legitimacy of their emails by adding HTML code to fake a signature from the purported sender in Outlook. By altering a single character of the email address, such as replacing a period with a visually similar Unicode character, attackers can create a more convincing facade to trick recipients.
While these tactics may not fool savvy users, all it takes is for one person to fall for the phishing attack for the threat actor to gain a foothold within an organization. This is especially concerning as email attacks have been on the rise, emphasizing the importance of remaining vigilant against such threats.
Unfortunately, Microsoft has acknowledged the issue but has not taken immediate action to address it. The company has stated that the issue does not meet its criteria for urgent resolution but has noted it for potential future improvements to its products.
Until Microsoft implements a fix for these vulnerabilities, organizations using Microsoft 365 and Outlook should remain cautious when interacting with unfamiliar emails and be aware of the tactics that attackers may use to bypass security measures. Constant vigilance and user education are key components in combating the ever-evolving threat landscape of cyber attacks.
