
Microsoft 365 Anti-Phishing Vulnerability

How Criminals Can Easily Bypass Microsoft’s Anti-Phishing Feature with CSS

One of the essential anti-phishing features in Microsoft 365 is the First Contact Safety Tip, which notifies users when they receive an email from an unfamiliar sender. However, researchers have found that the feature can be easily bypassed by using simple CSS (Cascading Style Sheets) code. 

This alert normally displays a message that reads “You don’t often get email from xyz@example.com. Learn why this is important”. Because the alert is appended to the main body of the HTML email, CSS within that body can restyle it, for example by setting its background and font colors to white. This makes the safety tip invisible to the recipient and makes a phishing attack harder to spot.

Method: Attackers use CSS to alter alert visibility.

Here is a list explaining what each of these rules is doing.

  • a { display: none; }: Hides any anchor (<a>) tags to prevent the tip from being displayed when a link is included.
  • td div { color: white; font-size: 0px; }: Targets div elements within table data cells, changing their font color to white and font size to 0, hence making the text invisible.
  • table tbody tr td {background-color: white !important; color: white !important; }: Gives every td element within the tbody of a table a white background and white text, so the content blends into the background and appears invisible. It’s also possible to add further HTML that spoofs the security icons Outlook displays, making the message appear even more trustworthy.
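As an added illustration for mail administrators (not code from the original article or from Microsoft), the following Python script shows how a mail-filtering or SOC pipeline could flag inbound HTML that carries the three CSS patterns listed above. It parses the <style> blocks of a message body with a small regex-based CSS reader and reports each rule that matches one of the described indicators. The two sample messages are constructed for this example, and the matching is a heuristic: it assumes the rules appear in an inline <style> element and would need extending for style attributes or obfuscated selectors.

```python
import re

# Constructed sample: an HTML body carrying the three CSS rules the advisory
# describes. This is an illustrative message, not a captured phishing email.
SUSPICIOUS_HTML = """<html><head><style>
a { display: none; }
td div { color: white; font-size: 0px; }
table tbody tr td { background-color: white !important; color: white !important; }
</style></head><body><p>Please review the attached invoice.</p></body></html>"""

# Constructed sample: ordinary styling that should not be flagged.
BENIGN_HTML = """<html><head><style>
p { font-family: Arial; color: #333; }
a { color: #0066cc; text-decoration: underline; }
</style></head><body><p>Meeting notes attached.</p></body></html>"""

STYLE_RE = re.compile(r"<style[^>]*>(.*?)</style>", re.IGNORECASE | re.DOTALL)
RULE_RE = re.compile(r"([^{}]+)\{([^{}]*)\}")


def parse_rules(html):
    """Return (selector, {property: value}) pairs from every <style> block.

    Selectors are whitespace-normalised and lower-cased; values keep any
    !important suffix so the checks below can strip it themselves.
    """
    rules = []
    for block in STYLE_RE.findall(html):
        for selector, body in RULE_RE.findall(block):
            decls = {}
            for decl in body.split(";"):
                if ":" in decl:
                    prop, val = decl.split(":", 1)
                    decls[prop.strip().lower()] = val.strip().lower()
            rules.append((" ".join(selector.split()).lower(), decls))
    return rules


def is_white(value):
    """True for the common spellings of white used to blend text into the background."""
    v = value.replace("!important", "").strip()
    return v in {"white", "#fff", "#ffffff", "rgb(255,255,255)", "rgb(255, 255, 255)"}


def is_zero_size(value):
    """True when a font-size value collapses the text to nothing (0, 0px, 0pt, ...)."""
    v = value.replace("!important", "").strip()
    return re.fullmatch(r"0(\.0+)?(px|pt|em|rem|%)?", v) is not None


def find_hidden_tip_indicators(html):
    """Return human-readable findings for each matching rule; empty means clean."""
    findings = []
    for selector, decls in parse_rules(html):
        # Indicator 1: every anchor hidden outright, which also hides the "Learn why" link.
        if selector == "a" and decls.get("display", "").startswith("none"):
            findings.append("anchor tags hidden (a { display: none })")
        # Indicator 2: text inside table cells shrunk to zero or coloured white.
        if selector.endswith("td div") and (
            is_zero_size(decls.get("font-size", "")) or is_white(decls.get("color", ""))
        ):
            findings.append(f"table-cell text made invisible ({selector})")
        # Indicator 3: table cells forced to white-on-white with !important.
        if (
            "tbody" in selector
            and selector.endswith("td")
            and is_white(decls.get("background-color", ""))
            and is_white(decls.get("color", ""))
        ):
            findings.append(f"white-on-white table cells ({selector})")
    return findings


if __name__ == "__main__":
    for label, sample in (("suspicious", SUSPICIOUS_HTML), ("benign", BENIGN_HTML)):
        print(label, find_hidden_tip_indicators(sample))
```

A message that triggers any of these findings is a candidate for quarantine or for a banner injected by the mail gateway itself, outside the attacker-controlled HTML, since a gateway-rendered warning cannot be restyled by CSS in the message body.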

While Microsoft has acknowledged the issue, a fix has not been immediately released.

What You Can Do

  • Stay Vigilant: Always double-check the sender’s email address, especially if it’s unfamiliar.
  • Report Suspicious Emails: If you receive an email that seems suspicious, report it to our IT department immediately.
  • Follow Best Practices: Regularly update your passwords and be cautious of unsolicited email attachments or links.
For more information, you can read the full article here: Microsoft 365 anti-phishing feature can be bypassed with CSS